Overview
Direct Answer
A red team is a group of authorised security professionals who conduct simulated adversarial attacks against an organisation's systems, networks, and personnel to identify vulnerabilities and weaknesses before malicious actors do. This controlled offensive exercise differs from penetration testing in scope and duration, typically operating with minimal constraints to mimic sophisticated threat actors.
How It Works
Red teams plan and execute multi-phase attack campaigns using techniques drawn from real-world threat intelligence. They may combine technical exploits, social engineering, physical security bypasses, and business logic flaws to achieve specific objectives. The team documents findings, attack paths, and the organisation's defensive detection and response, then provides detailed reports to leadership and defensive teams.
Why It Matters
Red teaming reveals critical gaps in detection, incident response, and security posture that conventional vulnerability scanning misses. Organisations rely on these exercises to validate investments in security controls, measure defensive team readiness, and satisfy regulatory or compliance requirements. The insights directly reduce breach risk and response time.
Common Applications
Financial institutions conduct red team exercises before major system deployments; government agencies use them to test classified network defences; technology companies assess cloud infrastructure and application security; healthcare organisations evaluate patient data protection controls.
Key Considerations
Scope creep and undefined rules of engagement can lead to business disruption or unintended damage; red team findings reflect a point-in-time assessment and require continuous re-evaluation as threats and defences evolve. Organisations must ensure proper authorisation and stakeholder alignment before engagement.
Referenced By: 2 terms mention Red Team
Other entries in the wiki whose definition references Red Team, useful for understanding how this concept connects across Cybersecurity and adjacent domains.
More in Cybersecurity
Attack Surface (Offensive Security)
The total number of points where an unauthorised user can try to enter or extract data from a system.
NIST Cybersecurity Framework (Security Governance)
A set of voluntary guidelines for managing and reducing cybersecurity risk developed by the US National Institute of Standards.
Denial of Service Attack (Offensive Security)
An attack designed to make a machine or network resource unavailable by overwhelming it with traffic.
Extended Detection and Response (Offensive Security)
A unified security platform that integrates multiple security tools and data sources for comprehensive threat detection.
DevSecOps (Security Governance)
An approach integrating security practices within the DevOps process, making security a shared responsibility.
Security Audit (Security Governance)
A systematic evaluation of an organisation's information system security by measuring compliance with established criteria.
Cyber Threat Intelligence (Offensive Security)
Evidence-based knowledge about adversary capabilities, infrastructure, motives, and tactics that informs security decisions and enables proactive defence against cyber attacks.
Deception Technology (Identity & Access)
Security solutions that deploy decoy assets such as fake servers, credentials, and data to detect, misdirect, and analyse attackers who have breached perimeter defences.