The aim of Red Team operations is to see the big picture and bring this perspective to the infrastructure of the organization. A certain fictional simulation is prepared and tested for organizations, and the resulting physical, network, application and social engineering vulnerabilities are evaluated and the organization is informed. The better the fiction, the better prepared the organization will be for real-life attacks.

Along with evaluating the above items, the Red Team should be able to answer the following three questions:
1. If organizational values ​​experience a major cyber attack, what effects will occur within the organization? What is lost from the organization in terms of finances and reputation?
2. What could be the effects in case of an attack on some trusted infrastructures after all evaluations and procedures are carried out?
3. Based on the organization's values ​​and operations, which is the easiest to attack?

1. Email and Phone-based Social Engineering Attacks: These attacks, also known as phishing attacks, are tried as the first door to enter the institution or organization.
.2. Network services: Actions are taken to find vulnerabilities or weaknesses by examining the flows in servers and network traffic. The most vulnerable ones are servers that are misconfigured or not updated, and these situations provide a great advantage to the team performing the action in Red Team operations.
‍3. Physical Layer: At this level, in the Red Team operation, a physical vulnerability is tried to be found within the organization and it is tested whether it is possible to enter the organization as an employee and access important places such as any identity information or data centers.
‍4. Application Layer: At this level, vulnerability assessment is carried out on any application detected by the institution in the Red Team operation, and as a result of this evaluation, the listed threat vectors are attacked.

Just as it is a methodology followed when applying penetration tests, it is also a methodology followed in Red Team operations. For example, the entire IT and network infrastructure is evaluated and separated into certain sections. Critical points are determined based on certain functions. These points can be made within a specific software (Web Application, etc.) or a physical point. The common methodology for Red Team goes like this:

1. The Scope: This point determines the general purpose and scope of the operation to be performed. For example:a. The targets to be attacked should be listed.b. Operation rules should be determined.c. Points that will not be included in the attack surface should be determined.d. An acceptable time period should be determined.e. Necessary permissions must be obtained from the institution.
2. Recon: In this phase, necessary information and data about the organization are collected and contributed to the Red Team operation. This phase is the most critical and necessary part for the Red Team operation. The following examples explain the situation better:
a. The IP address range, ports and related services of the institution are determined.
b. API endpoints associated with mobile or wireless network devices are detected.
c. Information such as employees' e-mails, social media profiles, phone numbers and ID numbers are obtained.
d. The identity information of any employee can be targeted.
e. If there is any embedded structure related to network and IT, it is detected.

3. Planning and Mapping: In this section, the points at which the attacks will be made and the mapping of the attack are discussed. Below are examples of factors:
a. Subdomains that are not publicly accessible should be determined.
b. Misconfigurations in cloud-based infrastructures should be identified.
c. Weak authentication points should be identified.
d. Vulnerabilities and weaknesses in the network and applications should be noted.
e. After the vulnerabilities are exploited, how far should we go and the vulnerabilities that may be encountered should be identified.
f. Social engineering scripts should be prepared.

4. Performing of Attack: This point is the part of attacking the planned entry points and putting the preparations into practice. Example attacks are listed below:
a. Known vulnerabilities in target applications are exploited.
b. It has an impact on the applications used to develop software.
c. Efforts are made to provide access to structures in the IT and network infrastructure. These structures can be firewalls, routers, servers and WiFi points.
d. User-side applications are attacked. (Mostly Web applications)

5. Documentation and Reporting: This part can be considered as the last phase of the methodology. The components and results of the operation performed on the organization are mentioned. The content of the report mentions:
a. What types of attacks occur and what are their effects.
b. The security effects of the found vulnerabilities and vulnerabilities are mentioned.
c. The security degrees of the exploited points are mentioned.
d. The improvement parts of the vulnerabilities found in the actions taken are mentioned.
e. It talks about what might happen if the necessary precautions are not taken.

Verification of responses to cyber attacks: The vulnerabilities and attack surface that emerge as a result of the operations are determined. It confirms how reliable the institution is in terms of defense and how it deals with threats.
‍
Security Risk Classification is Created: Weaknesses and weaknesses within the institution are identified. After the configurations and security updates of the IT and network infrastructure are checked, a result is determined as to which risk class the institution is in terms of security.
‍
Security Weaknesses Are Revealed: As a result of the operations carried out, Red Team reveals weaknesses in security points.
‍
Conclusion
In summary, Red Team operations such as penetration testing also provide significant benefits to the organization in terms of security. The biggest difference from penetration testing is that while a cyber attack scenario is created in Red Team operations, this scenario is implemented in penetration testing. In Red Team operations, real-life scenarios are created by looking outside the box and attack vectors are based on these.