Methodology

RedTeam Security’s approach to penetration testing and Red Teaming uses a comprehensive, risk-based methodology to manually identify critical network-centric vulnerabilities that exist on all in-scope networks, systems, hosts, applications, staff, and physical assets.
 


A Comprehensive, Risk-Based Methodology

  1. Information Gathering
  2. Threat Modeling
  3. Vulnerability Analysis
  4. Exploitation
  5. Post-Exploitation
  6. Reporting

Network Penetration Testing

RedTeam Security’s comprehensive method for network penetration testing covers the classes of vulnerabilities in the Penetration Testing Execution Standard (PTES) and the Information Systems Security Assessment Framework (ISSAF), including but not limited to: CDP attacks, MIME testing, DNS enum/AXFR, SMTP relay, SNMP recon, port security, brute force, encryption testing and more.

Application Penetration Testing

RedTeam Security’s comprehensive method for application penetration testing covers the classes of vulnerabilities in the Open Web Application Security Project (OWASP) Top 10 2021, including but not limited to: Injection, Broken Authentication, Sensitive Data Exposure, XXE, Broken Access Control, Security Misconfigurations, XSS, Insecure Deserialization, Using Components with Known Vulnerabilities, and more.

Physical Penetration Testing

RedTeam Security’s comprehensive method for physical security penetration testing involves the OSSTMM and a proprietary approach developed through the years that includes but is not limited to Passive Reconnaissance, Open Source Intelligence (OSINT), Active Reconnaissance (drones, onsite covert observation), Vulnerability Identification, Exploitation, Post-Exploitation and more.

Manual Testing vs Automated Testing

RedTeam Security’s approach consists of about 80% manual testing and about 20% automated testing – actual results may vary slightly. While automated testing improves efficiency, it does so only during the initial phases of a penetration test. At RedTeam Security, it is our belief that an effective and comprehensive penetration test can only be realized through rigorous manual testing techniques.

Tools

To perform a comprehensive real-world assessment, RedTeam Security uses commercial tools, internally developed tools, and the same tools that hackers use, on each and every assessment. Once again, our intent is to assess systems by simulating a real-world attack, and we leverage the many tools at our disposal to effectively carry out that task.

We employ tools from the following categories (not a complete list):

  • Commercial tools (e.g., Nessus, Burp Suite Pro, AppScan, Nexpose, WebInspect)
  • Open source/Hacker tools (e.g., Metasploit, BeEF, Kali Linux, OWASP ZAP, Nmap)
  • RedTeam developed tools (e.g., nmapcli, Metasploit modules, PlugBot, various scripts)

Reporting

We consider the reporting phase to mark the beginning of our relationship. RedTeam Security strives to provide the best possible customer experience and service. As a result, our report makes up only a small part of our deliverables. We provide clients with an online remediation knowledge base, dedicated remediation staff, and a ticketing system to close the ever-important gap in the remediation process following the reporting phase.

Remediation & Re-Testing

Simply put, our objective is to help empower our clients to remediate vulnerabilities, not just find them. As a result, remediation re-testing is provided at no additional cost for up to six findings, within six months of project completion. In the event a significant number of findings are required to be re-examined, or if additional remediation retests would be required, please contact your representative, who can assist you in determining a solution to fit your particular need.

Our reports show everything RedTeam Security found, how we found it, and best practices to remediate the findings. Because our goal is to ensure your network is properly fixed once we have identified the issues, RedTeam Security provides remediation testing at no additional cost. When you and/or your team are ready for us to retest, just call us. Whether that’s in two weeks or two months, we remain prepared to retest your remediated vulnerabilities and will get you scheduled when you feel prepared for your retest.

Until you are ready for your retest, please use RedTeam as a resource. If you have questions that have come up during your remediation, whether they are related to your testing or not, call or email us, and we will get you the answers you need.

Featured On

National TV news and media outlets often consult with us for our expertise as a boutique, high-touch ethical hacking firm highly trained in a narrow field of cybersecurity.