Your defences hold in testing. Do they hold against a real attacker?

    A pentest finds known vulnerabilities. A red team acts like a real adversary: phishing your people, bypassing your perimeter, moving laterally until they reach your crown jewels. Then they deliver a report your board can act on.

    What a red team engagement delivers

    100% of engagements find at least one critical path to the defined objective
    3 vectors: technical, human and physical attack surface tested in a single engagement
    2 reports: executive narrative for the board and technical annex for your security team
    NIS2: advanced testing evidence accepted by NIS2 and DORA auditors

    A red team is not a pentest with a bigger scope

    The difference between finding known vulnerabilities and testing whether your defences hold against a real adversary

    What a red team is NOT

    A pentest with a wider scope: a red team has no predefined scope and chains whatever vectors work, from phishing employees to tailgating into your office

    What a Sectricity red team delivers

    Goal-based adversary simulation: we work toward a defined business objective using any realistic attack vector, not a predefined list of systems

    What a red team is NOT

    A compliance checkbox: a passed pentest means no known critical CVEs; it says nothing about whether your SOC would detect lateral movement

    What a Sectricity red team delivers

    Your detection and response under real pressure: we document every step your SOC does and does not detect, producing evidence NIS2 and DORA auditors accept

    What a red team is NOT

    A technical-only exercise: most breaches start with a person, not a port — phishing, vishing and physical intrusion are core red team vectors

    What a Sectricity red team delivers

    Multi-vector engagement: spear-phishing, vishing, physical tailgating and technical exploitation in a single coordinated campaign

    What a red team is NOT

    A one-off report: a red team engagement exercises your detection and response capability, not just your vulnerability surface

    What a Sectricity red team delivers

    Two deliverables: an executive narrative your board can act on and a technical annex with a prioritised remediation backlog for your security team

    What a real red team delivers

    A defined business objective, not a CVE list

    We work towards a goal: domain admin, financial data, customer records. Every attack decision is made in service of that objective, exactly as a real adversary would operate.

    Multi-vector: technical, human and physical in one engagement

    Spear-phishing, vishing, physical tailgating and technical exploitation in a single coordinated campaign. The full attack surface, not just the network perimeter.

    Tests your detection and response, not just prevention

    Does your SOC detect lateral movement? Would an alert fire if credentials were exfiltrated? A red team answers these questions. A pentest does not.

    A board-ready narrative with a remediation roadmap

    Two deliverables: an executive narrative your board can act on, and a technical annex with a prioritised remediation backlog for your security team. NIS2 and DORA evidence included.

    How a Sectricity red team engagement works

    Five structured phases from scoping to debrief. Every step is documented with evidence.

    1. Scoping and rules of engagement

    Define the objective, out-of-scope systems, get-out-of-jail card and escalation protocol. No engagement starts without a signed scope.

    2. Threat intelligence and reconnaissance

    OSINT on targets, email patterns, LinkedIn profiling, exposed infrastructure and physical site survey. We build an attacker picture before touching a single system.

    3. Initial access and foothold

    Spear-phishing, vishing, physical tailgating or technical exploitation, whichever achieves access fastest. Every attempt is documented.

    4. Lateral movement and objective

    From foothold to target objective: escalation, pivoting, persistence and exfiltration. We track every step your SOC does or does not detect.

    5. Debrief, report and remediation

    Executive narrative plus technical report plus remediation roadmap prioritised by actual attacker paths. Post-remediation retest available.

    Who commissions a red team

    When a pentest report is no longer enough.

    CISO: validate your security controls

    You have invested in EDR, SIEM, MFA and awareness training. A red team tells you whether those controls hold against a coordinated adversary. Use the findings to justify next year's security budget with evidence your board understands.

    Compliance: NIS2 and DORA evidence

    NIS2 Article 21 and DORA requirements call for advanced testing beyond vulnerability scanning. An advanced red team engagement produces the documented evidence your auditor expects.

    Board: cyber risk in business terms

    Your board needs to understand risk without CVE scores. Red team reports show the narrative: an attacker could have reached your financial systems in three days, undetected. That drives investment decisions.

    Frequently asked questions

    A red team engagement is a full-spectrum adversary simulation where ethical hackers try to reach a defined business objective using any realistic attack vector, including phishing, physical intrusion and technical exploitation. The goal is an objective, not a vulnerability list.

    A pentest is scoped to find vulnerabilities in specific systems. A red team follows no predefined scope; it chains whatever vectors work, from phishing employees to tailgating into your office. The goal is a business objective, not a vulnerability report.

    Typically 4 to 8 weeks depending on scope complexity and objective. The timeline covers reconnaissance, active attack phases and report preparation. We agree the timeline during scoping.

    That depends on the engagement type. A full red team is typically blind to the SOC; only a very small white cell knows. This tests real detection capability. We align on notification protocols during scoping.

    Yes. Our methodology follows the intelligence-led approach referenced by NIS2 and DORA for advanced security testing. The engagement report is structured for direct auditor use, with documented evidence of each attack phase and remediation guidance.

    We follow a severity escalation protocol agreed during scoping. Critical findings that represent immediate business risk are reported to the white cell immediately, not held until the final report.

    Yes. A targeted retest of critical attack paths after remediation confirms fixes are effective and generates documented evidence of improvement for your NIS2 audit trail.

    Two layers: an executive narrative summarising the attack chain, business impact and strategic recommendations for board and C-suite; and a technical annex with all evidence, findings and a prioritised remediation backlog for your security team.

    Find out if your defences hold before an attacker does.

    Book a free scoping call. We discuss your environment, define a realistic objective and tell you what an engagement looks like for your organisation. No commitment.