Penetration testing and red teaming are both cybersecurity terms. But what exactly is red teaming? And what is a penetration test all about? What are the differences between the two?
What Is a Penetration Test?
A penetration test, or colloquially “pentest”, is the systematic examination of a system for technical vulnerabilities. Every company has a unique IT infrastructure, which is why the procedure for a pentest is always tailored to the target. Different techniques are used, such as semi-automatic vulnerability scans, API monitoring or reverse engineering. The information available to the testers beforehand is also crucial: in a white-, grey- or black-box approach the pentesters have full, partial or almost no information about the object under investigation. These factors shape the course of a pentest.
One difference between penetration testing and red teaming is that a pentest ends with the identification of vulnerabilities. In red teaming, however, the vulnerabilities found are actively exploited and chained together. Exactly how this is done is explained later in this article.
What Is a System Vulnerability? What Does It Mean?
A weakness or vulnerability is a property of a system that makes it unable to withstand a malicious action. An example is the so-called “SQL injection”: an input field whose contents are inserted into a database query. If the application builds the query by pasting the input directly into the query text, characters such as a quotation mark are interpreted by the database as part of the query rather than as data. The attacker can thus make the database execute an action the program never intended, which can lead to the compromise of the system.
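To make the SQL injection described above concrete, here is an added example (not code from the original article or from Oneconsult). It uses Python's built-in sqlite3 module and a constructed in-memory users table; the function names and the sample credentials are assumptions for illustration. The vulnerable login builds the query by string concatenation, so a crafted username bypasses the password check; the hardened login uses a parameterised query, where the same input is treated purely as data.

```python
import sqlite3


def make_db():
    """Create a constructed in-memory users table (sample data, not real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def vulnerable_sql(username, password):
    """Build the query the way the vulnerable code does: input pasted into the text.

    A quotation mark in the input closes the string literal early, and
    everything after it is parsed by the database as SQL, not as data.
    """
    return (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable login (kept vulnerable to show the injection)."""
    row = conn.execute(vulnerable_sql(username, password)).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Hardened login: the query text is fixed, values are bound as parameters.

    The database compiles the structure first and only then substitutes the
    values, so quotes or comment markers in the input cannot alter the query.
    """
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # Classic bypass: the closing quote ends the literal, OR 1=1 makes the
    # condition true, and "--" comments out the password check entirely.
    payload = "' OR 1=1 --"
    print("injected query:", vulnerable_sql(payload, "wrong"))
    print("vulnerable login returns:", login_vulnerable(db, payload, "wrong"))
    print("safe login returns:", login_safe(db, payload, "wrong"))
```

Running the block shows the injected query text that the database actually receives; the vulnerable function logs in as the first user in the table without knowing any password, while the parameterised version returns no match for the same input. The fix is not escaping or filtering the input but separating query structure from data, which is what the bound parameters do.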
What Is Red Teaming?
The term red teaming, like its counterpart blue teaming, originated in the military: one group of offensive experts (the red team) attacks something, and another group of defensive experts (the blue team) defends it.
Red teaming in the cybersecurity world refers to a simulated attack on a company, its people or a system. A red teaming assessment is always based on a scenario. Unlike a penetration test, it not only looks for vulnerabilities but also exploits them. This allows the interaction of the existing security components to be tested. The goal of such an assessment is not to find every possible vulnerability, but to identify those that allow a system to be compromised. It may therefore well be that a system has further vulnerabilities that are not directly examined during the assessment.
Another important difference between penetration testing and red teaming is that a pentest identifies technical vulnerabilities. Red teaming additionally looks for organizational weaknesses, such as an employee leaving a door open, which allows an attacker to enter the company premises unnoticed.
The goal of a red teaming project could be to find out how far an attacker who has gained access to a laptop would get. For example, the team may attempt to obtain the highest possible privileges in Windows Active Directory.
To do this, weak configurations, missing patches and unprotected access paths are combined in such a way that a kill chain emerges, via which the affected systems are completely compromised. The term “kill chain” is also a military concept and describes the successive stages of an attack, from initial reconnaissance to reaching the objective.
Simulated attacks on the human factor are also frequently used, such as so-called “in-person social engineering”. The goal here is to use physical presence and personal interaction to obtain data, information or even documents that unauthorized persons would otherwise not have access to.
In social engineering, the good nature, helpfulness, but also the lack of awareness of a person are exploited, for example, to physically break into a company. This kind of work requires strong nerves: often the employees of the targeted company do not know about the simulated attack. For this reason, a social engineer should have acting skills and be persuasive and resourceful. Above-average observation skills and adaptability are also key.
Simplified, a penetration test finds weaknesses and red teaming exploits those weaknesses in combination. In addition, penetration tests are usually limited to technical vulnerabilities, whereas red teaming also addresses organizational vulnerabilities.
Are you interested in performing a penetration test or red teaming? Or do you still have open questions? We look forward to hearing from you without obligation.
About the Author
Nick Ohya first completed an apprenticeship as a software developer and then worked in that field for over 6 years, 4 of them as a project manager and trainer. His interest in cyber security grew while he was working as a system integrator and project manager. With the goal of moving into cyber security, he began his studies in cyber security while working as a project manager for an electronics retailer. In 2022, he started working as a Pre-Sales Consultant at Oneconsult.