Red Teaming

Our premier service, where the gloves come off, and the ethical hacking game is on

Contact Us

Raxis Attacks. You Defend.

Welcome to real-time, real-world, digital assault. A game that you’ll win every single time you play it. Blended attacks and concierge engagement come together to reveal your company's actual attack surface.

Are your cybersecurity defenses ready? The Red Team test will tell you.

Red Team vs Blue Team Graphic

Why Red Teaming?

The Raxis Red Team provides an adversary simulation service and is called on to help organizations understand the effectiveness of their cybersecurity defenses. We’ll deploy our most experienced and accomplished team members to mount a real-world attack on both your physical facilities and business systems. Every company has vulnerabilities; the Raxis Red Team Assessment exposes them.

Our signature Red Team Assessment is a well-planned and well-orchestrated cyberattack. Our elite team of professional ethical hackers launch a customized, real-world attack, just like determined hackers would. We know from experience that our Red Team Assessments expose vulnerabilities that are less apparent during targeted penetration tests, so you can prepare yourself before real cyberthreats come knocking. A Raxis Red Team engagement identifies not only technology vulnerabilities but also business process gaps as well.

What if your company is looking for a real-world assessment but isn’t quite ready for an all-out attack? As always, Raxis works with you to develop a Red Team test that fits your company’s needs. Before testing begins, we work closely with your team to establish boundaries, assuring the Raxis Red Team deliverables align with your goals.

Raxis' Red Team brings decades of clandestine experience to bear against your defenses.

Test the mettle of your best cybersecurity defenses against an arsenal of multi-faceted attacks from our elite team.

Raxis One UI

Manage Your Red Team Assessment with Raxis One

Your interface to PTaaS is through our online customer management portal, Raxis One. Updates from the Managed Penetration Testing process are provided in real time to ensure you always have the latest information from both our team and our anomaly detection engine. It’s a simple and secure method to control Managed Penetration Testing or any of your Raxis services.

Red Teaming Features

You Always Win

While no amount of security guarantees you will not be breached, Raxis can certainly help you drive down the severity of a security compromise by identifying areas to improve your response to an attack. The Raxis Red Team uses the same techniques that today’s malicious hackers use, including detection evasion, recent exploits, social engineering, and chained attacks. If our attacks succeed, you win. In the case that your cybersecurity defenses prove superior, you still win.

Blended Attacks

With a Red Team test, we use all of the information gathered from both technology and people to orchestrate a highly coordinated attack. While this real-world cyber attack is highly effective at finding gaps in your armor, we take precautions to ensure your systems and data remain safe during this controlled simulation. We never conduct cybersecurity attacks that are high risk or knowingly cause a denial of service without your approval beforehand.

No Holds Barred

We are your Red Team experts. We’ll combine open source intelligence, dark web data, social engineering, our rock star pentesting team, and evasion techniques to safely test every aspect of your defense. The Raxis Red Team operates exactly like a malicious hacker, except we’re always on your side. We believe it is paramount to ensure that your systems stay online, server performance remains optimal, and all data is properly redacted before reported to your team.

Physical Security

In most of our Red Team assessments, physical security is deemed in scope to gain a full view of every potential avenue of attack. We test physical security to ensure that intruders can't gain access to systems that may be protected by physical access controls. This often includes badge readers, wireless networks, electronic door locks, and network-connected cameras. While we will operate within your parameters, it always works out better for you if we are not limited in scope.

Cyberattacks Lock

What about Continuous Pentesting or PTaaS?

It’s your choice! Raxis offers both Penetration Testing as a Service (PTaaS) and traditional penetration testing, both available for easy access via our Raxis One customer portal.

Our competitors are doing PTaaS a little differently, usually valuing ultra fast response or quantity over quality, and that approach just didn’t fit our company culture. Instead, we took the best of what everyone else was doing and mixed it with our time-tested methodology of quality pentesting, cutting no corners. Raxis PTaaS is the only way to increase turnaround time in pentesting without the loss of quality.

Learn More

Red Teaming FAQ

If you are running security upgrades that are almost complete, you may want to schedule your red team test for afterwards to test your changes. Usually, however, there’s no time like the present. If you have known issues that you haven’t corrected, it may be a budget issue. If so, a Raxis red team can give you the proof your management team needs to see that the changes are a high priority. Maybe you have been putting off changes that don’t seem that important . . . the complex, chained attacks in a Raxis Red Ream show clearly how seemingly small vulnerabilities work together to give a hacker more access than you may realize.

While malicious hackers may have all the time in the world to attempt to break into your systems, our tests are scoped for a certain amount of pentesting hours -- the timebox. Our engagement ends with a report that clearly explains what Raxis accomplished during the time of your test and what you can do to make your environment more secure against a malicious hacker attempting the same things.

This often depends on your industry and specific needs of your company, but Raxis recommends at least an annual pentest. If a zero-day hack is released after your annual pentest, your pentesting team won't attempt it on your systems until your next pentest, so some companies with high-risk data and assets performs multiple pentests in the same year. Note that Raxis' PTaaS offering provides the best of both worlds with one annual pen test and continuous monitoring throughout the year.

While we sometimes work with companies that follow this philosophy, we believe it is flawed. The idea is that different pentesters all have different backgrounds and different strengths, but all pentesting companies are not the same. Raxis pentesters have strong backgrounds and certifications, and they are always working together to learn and share current knowledge about new vulnerabilities and exploits. Not all of our competitors can say the same. We recommend that companies find a trusted pentesting company, such as Raxis, and trust them to perform strong tests year after year.

We do not break the law. Our contracts spell out what we are and aren’t allowed to do. For example, we will never damage or destroy our customers’ property. What we will do is demonstrate how a real hacker could — and show our customers so that they can take steps to prevent it. Even if most company employees don’t know what is going on, leadership does and has agreed to it.

Yes, and it’s all about system uptime and data integrity. Unlike the bad guys, our penetration tests stop short of real damage, and we always obscure the data we take for proof of access. We also stay within any parameters set by the customer, but we always push to the edge of that envelope.

Once scoped, we work directly with cloud providers to inform them of our activities. Raxis has completed numerous tests on Amazon AWS/EC2, Microsoft Azure, Google Cloud, Rackspace, and VMWare cloud. We’ve worked with content delivery front ends such as CloudFlare and Akamai as well. No matter what the tech stack is, Raxis will find the best method possible for your pentest.

Unless otherwise requested, we crack passwords to determine the strength of the password policy and effectiveness of enforcement. We also may re-use passwords to pivot to other systems, which often results in a larger simulated data breach. Raxis uses high-strength encryption to protect the hash data both at rest and in motion. Once our password cracking is completed, we securely delete the password hashes and provide you with a summary including password strength, complexity, and analysis in a redacted pentest report.

The Raxis Penetration Testing team is second to none at pinpointing real world security risks by using the same tools and techniques as a malicious attacker. We’re all in the United States (with many of us based in Atlanta), most of us have at least 10 years of experience, and pentesting is our sole expertise. With so many technology defenses prevalent today, a pentester must understand every aspect of security and the latest techniques to bypass those many controls. The Raxis crew never stops learning the latest exploits, and we have a ton of fun sharing our knowledge. We don’t do checkbox security, and we never will.

Raxis Red Team Specifications

tl;dr

  • Powered by Raxis One, a secure web console for Raxis services
  • Utilizes the same tools and techniques as a blackhat hacker
  • Blended attack using social engineering, OSINT, pentesting, and evasion techniques
  • Exploitation, pivoting to other in-scope systems, and redacted data exfiltration
  • Red Team services are highly customizable, as every customer is unique
  • Meets or exceeds requirements for NIST 800-53, NIST 800-171/CMMC, PCI, HIPAA, GLBA, ISO 27001, and SOX compliance
  • Available as a one-time service, multi-year agreement, or annual subscription