In the first stage of red team engagement, the team would take a field trip and observe the target and its location. The exercise aims to perform deceitful conversation with the employees or known as social engineering, to gather useful information about the target location, while observing the surrounding of the security infrastructure.
During the engagement, the testers usually carry different false identities (masquerading) roles such as customer, accountant, or police officer to perform the first stage of the red team.
After gathering enough information about the target location, the red team will design a definite plan for the execution strategy. A checklist of actions will be provided to each member of the red team based on their roles to compromise every possible scenario. Every scenario from the list is taken into account, ultimately to cover every likely scenario or loophole in the target location.
Finally, armed with a plan, the red team will attempt to infiltrate the target location. Different identities will also be utilized in this phase to achieve their needed, yet different goals. For example, several team members will pretend to be a customer to divert the attention of the staff or employee. Another team will attempt to perform the required infiltration, which includes but not limited to; installing malware into public kiosks or workstations, pasting unnecessary QR codes in false advertisements on the surroundings, etc.
Another team of experts will pretend to be individuals of importance, for example, an auditor or accountant, to gain access to highly sensitive or confidential areas such as safe rooms or filing rooms, to gather highly classified information of the target area. Dumpster diving around trash bins and also printer spaces will also be performed to obtain sensitive corporate data.
