Red Team Penetration Testing

A real-world test of a company’s people, processes and technology.

Coalfire’s Red Team testing provides you with the ultimate real-world test of your people, processes, and technology. Throughout the course of the testing, Coalfire’s experts identify and exploit weaknesses throughout the physical, social, and logical environments of your company in order to evaluate the effectiveness of your security program.

The Red Team testing attempts to compromise your environment through any method possible.  This includes, but is not limited to:

External Hacking

We’ll exploit vulnerabilities from an external IT perspective by attempting to escalate privileges and gain unauthorized access to systems or data.  We’ll leverage any and all externally-facing compromised systems to attempt to penetrate your perimeter and gain access to your internal systems.


Performed over the phone or in person, we’ll exploit vulnerabilities in staff training and awareness programs by coercing employees to provide access to sensitive information that could include user credentials, sensitive business data, or network access.  

Spear Phishing

Using publicly available information about your company, emails are sent to key personnel in your organization causing them to click links or open files.  The links direct your employees to something as innocuous as a survey website or a site that looks exactly like your website and requests specific information. Or the links may lead to a site that hosts malware, which attempts to automatically compromise your systems.  Files that are sent to users are written by Coalfire and contain a Trojan that only the Coalfire team can use to control the users’ computer and subsequently leverage to compromise the organization.


Leveraging the inherent weaknesses in wireless protocol, we attempt to subvert the security of wireless networks in your environment to gain access to your internal network.


By using in-person social engineering or by physically subverting your security controls, we attempt to gain access to your physical network to plant devices that can be used to exploit vulnerabilities in your internal systems.  

Our team may engage in one or more of the following physical techniques to gain access to your facility:

  • Lock picking
  • Magnetic door brute forcing
  • Alarm system avoidance
  • Ventilation system entrance
  • Tailgating
  • False identification
  • Procurement of badged access
  • Solicitation
  • Access system bypass
  • Video camera system redirection

Internal Hacking

Once we’ve established access to your network, we enumerate vulnerabilities on systems and within internal applications that can be exploited to achieve the testing goal.  Vulnerabilities exploited could be as simple as misconfiguring file sharing, executing buffer overflows against vulnerable operating systems or services, or compromising applications.


We prepare a formal report with an Executive/Business summary, and technical, detailed findings of the testing. The report details all identified threats or vulnerabilities (or potential vulnerabilities), and provides recommendations for countermeasures to eliminate or mitigate these risks.  Specifically, the report includes the following:

  • Assessment of the effectiveness of your existing controls in terms of design and operating effectiveness;
  • Testing work papers;
  • Risks identified;
  • Security risk mitigation recommendations;
  • Overall risk level rating of the test environment;
  • Narrative describing how the test activities resulted in the overall rating.

Wherever possible, the report will recommend specific security patches, and/or architectural configuration, or procedural changes that may be required. Any vulnerability that we uncover will be ranked according to severity. All photographs, videos, files, passwords, or system information obtained during the test will be included as part of the report.