Red Teaming & Adversary Simulation Services
We simulate real attackers against your entire security architecture, in your production environment instead of a lab. As a specialised offensive security company based in Vienna, we test how far a motivated attacker actually gets inside your organisation and how well your blue team stops them.
How red teaming differs from a pentest
A classic penetration test works through a defined scope and finds as many vulnerabilities in a system as possible. A red teaming assessment instead pursues a specific objective, such as access to a business-critical application or a sensitive data set, and uses every path to get there: technology, social engineering and physical access.
The decisive difference: red teaming tests not just your systems, but your entire defence. How quickly does your SOC detect the attack? Do the response processes hold? Do technology, processes and people work together under real pressure?
What we test
- Technical defence: detection of and response to complex, multi-stage attack scenarios in your production environment.
- Blue team effectiveness: the response processes, analysis capabilities and speed of your defence team.
- Organisational resilience: how well processes, technology and people work together when it matters.
The goal is not a pass or fail verdict, but the continuous improvement of your defence against increasingly sophisticated attack techniques.
Adversary simulation: attacks based on a real threat picture
Adversary simulation goes a step further than a generic attack. We replicate the behaviour of a specific threat actor that is realistic for your industry, derived from real threat intelligence. We use the tactics, techniques and tooling of known groups and, on request, purpose-built custom malware to test the effectiveness of your XDR or EDR system.
This shows whether your defences hold against the attackers who actually target you, not just against a theoretical textbook scenario.
The phases of a red teaming assessment
A red teaming engagement runs through several phases. Depending on the objective, we combine them or set a focus.
Initial access
We get a first foot in the door through realistic attack channels, without putting your employees on display. Typical vectors:
- Email phishing: tailored campaigns with convincing domains and landing pages.
- Vishing: phone-based manipulation with spoofed caller ID.
- CEO fraud: impersonation of senior staff.
- USB drops and prepared hardware: distribution of manipulated devices.
- Physical access: on request combined with a physical security assessment.
Assumed breach
In an assumed breach scenario we start where an attacker is already inside the network and test how far they get. The initial compromise is skipped; the focus is on lateral movement:
- Privilege escalation: from a standard user to elevated rights.
- Active Directory: attacks on the central identity infrastructure.
- Network segmentation: separation between client, server and guest networks.
- AV/EDR effectiveness: the configuration and effectiveness of your endpoint protection.
On request we test either offensively with XDR active, to measure how effectively your SOC detects the attack, or white-box without countermeasures, to surface as many technical weaknesses as possible.
Red teaming aligned with TIBER-AT
For regulated financial institutions we run red teaming assessments based on the TIBER-AT framework, the Austrian implementation of threat-led penetration testing. TIBER-AT is closely aligned with the requirements of DORA and is based on real threat intelligence against the production environment.
For more on the provider landscape, see our overview of red teaming providers across the DACH region.
What you get
- Detailed report: every attack path with a risk assessment, documented for both technical teams and management.
- Prioritised recommendations: concrete measures sorted by impact and effort.
- Management debrief: a personal presentation of the key findings for leadership and the CISO.
- Replay workshop: on request a joint re-run of the attacks with your blue team to close the gaps.
Frequently asked questions
What is the difference between red teaming and a penetration test?
A penetration test works through a defined scope and finds as many vulnerabilities in a system as possible. A red teaming assessment pursues a specific objective and uses every vector to get there: technology, social engineering and physical access. Red teaming also tests how well your blue team detects and responds to the attack.
What is adversary simulation?
We replicate the behaviour of a specific threat actor that is realistic for your industry. Instead of generic attacks, we use the tactics, techniques and tooling of known groups, derived from real threat intelligence.
How long does a red teaming assessment take?
A focused engagement usually takes four to eight weeks. A full TIBER-AT cycle with threat intelligence, red teaming and replay runs over six to nine months.
What does a red teaming assessment cost?
It depends on scope, duration and objective. A full TIBER-AT cycle starts at around EUR 150,000; focused red team engagements are below that. We clarify the concrete budget in a free initial call.
Do we need red teaming or is a pentest enough?
Red teaming is worthwhile once the fundamental vulnerabilities are fixed and you want to know how your defences hold up under real conditions. If you want to secure a single system, a penetration test is the more suitable starting point.
Evaluate red teaming for your organisation
Let us spend 30 minutes clarifying whether and how a red teaming assessment fits your security posture. Free and without obligation.