Skip to content

Red Teaming / Purple Teaming

How well prepared are you and your security departments (SIEM, SOC, Blue Team) against real hacker attacks? Are you able to recognize and fend off real hacker attacks? Which Tactics, Techniques and Procedures (TTPs) of the MITRE ATT&CK Matrix are you already aware of?

Scope of the pentest

In this security analysis, our experts examine your resilience to realistic hacker attacks. In this process, we aim to successfully compromise your global organization by utilizing well-known Advanced Persistent Threat (APT) methods, also known as TTPs, alongside a C2 infrastructure

Exemplary test objects:

Social engineering and phishing

Our experts use social engineering or phishing to gain initial access to the internal company network.

Privilege Escalation

Our experts conduct attacks aimed at escalating privileges, with the objective of acquiring administrative access to endpoint devices.

Lateral Movement

Our experts analyze your corporate network to compromise critical IT assets and data.

In 2020, several large companies such as Twitter, Amazon and Shopify were victims of insider attacks. ¹


More than two thirds of all companies state that they are vulnerable to attacks from within. ¹

An average attack by an insider is discovered after 77 days. ²

Red Teaming / Purple Teaming

Our approach

During a Red Teaming Assessment, our IT experts thoroughly examine your entire corporate structure for potential entry points. The objective of the tests is to assess your resilience against real-world APT attacks. Furthermore, we provide you with helpful recommendations for hardening IT systems as well as for the detection and prevention of attacks.

In an initial coordination meeting, we define the objective of the Red Teaming Assessment. The scope of the audit and the IT systems included are discussed here. The content of a Red Teaming Assessment varies from company to company and is mostly based on the current security status of your company. A red teaming assessment can be carried out from various attacker perspectives. For example, by an external attacker without access to your internal network, who must first achieve a so-called “initial foothold” using various attack methods. This is usually achieved through social engineering, phishing or the compromise of one of your IT systems exposed on the Internet.

Alternatively, the “Assumed Breach” perspective of an attacker is often chosen. This approach simulates a scenario where an attacker already possesses access to an endpoint device within your internal IT infrastructure. It is then examined what could happen if an initial attack, for instance through social engineering or phishing, is successful. Starting from the attacker’s low-privileged position within the network, our goal is to compromise the key IT systems and data of your company. We define which systems are targeted and the criteria for a Red Teaming Assessment to be deemed successful and concluded during a collaborative meeting. A Red Teaming Assessment typically includes the complete compromise of your MS Active Directory environment as a domain administrator. Security solutions such as EDR/XDR remain activated and the SIEM/SOC team may not be informed about the test in advance.

Upon completion, you will receive a detailed final report including a list of recommended actions. In this report, we explain how a compromise of your company was possible from an attacker’s perspective and which steps you need to take to address the exploited vulnerabilities and misconfigurations.

Purple Teaming

If your company has already carried out several Red Teaming Assessments and can recognize and block many of the MITRE ATT&CK Matrix TTPs, we would be happy to carry out a so-called Purple Teaming Assessment. In the process, we maintain close communication with your Blue Teams and SOC/SIEM experts while realistic APT attacks are carried out.

Together, we identify existing gaps in the detection and prevention of known TTPs and assist you in enhancing your resilience in the shortest possible time.


Red or Purple Teaming Assessments are generally only available to companies that already carry out regular penetration tests and security checks.

It is therefore assumed that technical measures have already been implemented to detect, analyze, and counteract active attacks. This is typically carried out by internal security departments such as a Blue Team, SIEM, or SOC. In addition, there are tested procedures and processes at the organizational level. If these measures are not yet in place within your company, we recommend starting with regular penetration tests.

The following requirements apply to your company:
  • Penetration tests already carried out and regularly scheduled
  • Existence of an IT security team (Blue Team, SOC, SIEM etc.)
  • Existence of EDR/XDR/MDR solutions
  • Centralized logging, alerting and ad-hoc responding (SOC/SIEM)

Standards and qualifications

We follow recognized international standards for our pentest procedure.

Our penetration testers are highly qualified and certified with several recognized hacking certificates.