Offensive Security

Red Team Assessment

We think like the adversary. Then we prove it.

Red team assessments from Sherlock Forensics simulate real-world adversary operations across your entire organization: physical, digital and human attack vectors. Unlike penetration testing, which focuses on finding vulnerabilities in a defined scope, red teaming tests your detection and response capabilities against a realistic threat actor. MITRE ATT&CK mapped. Since 2006.

Red Team vs Pentest

A penetration test finds vulnerabilities in a defined scope. A red team assessment tests whether your entire security program detects and responds to a realistic attack. The goal is not just to find holes. It is to prove whether your people, processes and technology work together to stop a determined adversary.

Scope: Pentests target specific systems (web app, network). Red teams target the organization with no restrictions beyond safety boundaries.

Duration: Pentests run 1-2 weeks. Red team engagements run 2-8 weeks to simulate persistent threat behavior.

Stealth: Pentests are known to the IT team. Red teams operate covertly. Your SOC should detect us. If they do not, that is the finding.

Deliverables: Pentests deliver vulnerability lists. Red teams deliver attack narratives showing how an adversary would compromise your organization step by step.

Our Methodology

Sherlock red team assessments follow the MITRE ATT&CK framework. We simulate real adversary tactics, techniques and procedures (TTPs) mapped to the threat actors most relevant to your industry.

Phases: reconnaissance and OSINT gathering, initial access (phishing, physical, technical), persistence and lateral movement, privilege escalation, objective completion (data exfiltration, ransomware simulation), detection and response evaluation.

Every technique we use is mapped to a specific MITRE ATT&CK technique ID so your security team can measure detection coverage.

When to Choose Red Team

Choose a red team assessment when: you have a mature security program and want to test it against realistic threats, your SOC needs to validate its detection capabilities, you want to evaluate your incident response process under real conditions, your board or executive team wants proof that security investments are working, or you are preparing for a real-world threat scenario.

Get Started

Ready to strengthen your defenses?

Order a security assessment online or call for a free scoping consultation. From $1,500 CAD.

Since 2006 | 4.8/5 rating | CISSP, ISSAP, ISSMP certified

Questions

Frequently Asked

How long does a red team assessment take?
Typical engagements run 2-8 weeks depending on scope and objectives. Longer engagements allow more realistic adversary simulation including low-and-slow techniques that evade detection.

How much does a red team assessment cost?
Red team assessments start at $12,000 CAD for targeted scope. Full-scope adversary simulations with physical and social engineering components range from $20,000-$50,000+ CAD depending on duration and objectives.

Will a red team assessment disrupt operations?
We design engagements with clear safety boundaries. No data destruction, no denial-of-service, no production system damage. If we achieve an objective that could cause disruption, we document it as a finding without executing it.

What is the difference between red team and purple team?
Red team operates covertly against your defenses. Purple team is collaborative: the red team attacks while working alongside your blue team (defenders) to identify detection gaps in real time and tune defenses together. Purple team accelerates detection improvement.

Do I need a pentest before a red team assessment?
Yes. Fix the obvious vulnerabilities first. Red teaming an environment full of unpatched systems and default credentials wastes money. Start with a pentest to establish a security baseline, remediate critical findings, then challenge your defenses with a red team.