Red team exercise
Definition
A full-scope adversary simulation in which a team of testers uses the full range of attack techniques (technical, social engineering, and physical) over an extended period, typically without most internal staff knowing the exercise is underway. More comprehensive than a standard penetration test; used to test detection and response capability as well as preventive controls.
Related terms
- Attestation letter
- A formal document issued by a qualified assessor, such as a PCI Qualified Security Assessor (QSA) or an ISO 27001 certification body,...
- Common Vulnerability Scoring System (CVSS)
- A standardised scoring framework that rates vulnerability severity on a 0-10 scale using base metrics (attack vector, complexity, privileges required, user interaction,...
- Remediation verification test
- A targeted re-test conducted after an organisation has applied fixes to vulnerabilities identified in the original penetration test. The re-test confirms that...
- Rules of engagement (RoE)
- The written contract or pre-test agreement that defines the authorised scope, permitted techniques, excluded systems, test window, escalation contacts, and emergency stop...
- Scope creep
- The unintended expansion of a penetration test beyond the agreed boundaries, either because testers follow a vulnerability chain into an out-of-scope system...
Explained in
- Penetration Testing Scope and Audit InterfaceA full-scope adversary simulation in which a team of testers uses the full range of attack techniques (technical, social engineering, and physical) over an ext...