Darkside Service
Red team exercise
Measure how your organisation responds to a real attack path.
Darkside red team exercises test more than vulnerabilities. We simulate a sustained adversary with agreed objectives, realistic tactics, and a final debrief that shows where prevention, detection, and response controls held or failed.
Why it matters
Practical evidence, not scanner noise.
Mature teams need to know whether security controls work together under pressure. A red team exercise gives leadership and defenders evidence beyond a point-in-time vulnerability list.
What we test
- Initial access through phishing, credential attacks, or exposed services
- Persistence and privilege escalation
- Lateral movement and credential harvesting
- Command-and-control and exfiltration paths
- EDR and SIEM evasion opportunities
- Physical access attempts where approved
- Social engineering against staff
- Cloud and SaaS pivot paths
- Objective-based compromise scenarios
- Detection and response capability
What you receive
- Full attack narrative with timeline
- MITRE ATT&CK technique mapping
- Detection gap analysis
- Blue team debrief session
- Prioritised remediation roadmap
- Executive-ready presentation
Methodology
How the engagement runs
- 01
Define objectives, safety boundaries, legal approvals, and escalation contacts.
- 02
Plan attack paths that reflect realistic threats to your organisation.
- 03
Execute controlled operations while recording timeline and evidence.
- 04
Debrief defenders on detection opportunities and missed signals.
- 05
Deliver executive and technical recommendations mapped to the exercise narrative.
FAQ
Common questions
How is red teaming different from penetration testing?
A penetration test finds and validates vulnerabilities in a defined scope. A red team exercise pursues an objective and measures controls, detection, and response across attack paths.
Do you include phishing?
Only where agreed. Phishing, vishing, and physical access can be included, but each technique is approved in the rules of engagement.
Will the blue team know?
That depends on the objective. We can run covert, collaborative, or purple-team-style exercises depending on your maturity and risk appetite.
Related services