Tactics, Techniques & Procedures used in the wild to test your defences


The purpose of the exercise is to replicate the Tactics, Techniques and Procedures (TTPs) used in known attacks to measure your organisation’s ability to withstand compromise.

Red Teaming as an attack mechanism and Blue Teaming as a defensive posture can be merged to create a Purple Team – coordinating dynamic testing and defensive exercises for additional capacity building.

The attack simulation service allows our team to use any means necessary to compromise your organisation. The attack does not need to be bound to a specific scope, but rather to a specific end goal.


We assume the role of an advanced threat actor and try to compromise agreed-upon infrastructure and key systems inside a network using Tactics, Techniques and Procedures employed by advanced threat actors in their compromise campaigns. This tests the defences of a network against a persistent attacker.

External red

We perform an external stealth network intrusion and reconnaissance against the targeted organisation alongside traditional external attacks. Phishing and other social engineering methods are then employed, targeting key individuals within the organisation.

Assume compromise red teaming

This builds on the premise that, one way or another, you will be compromised, and it does not care about the root cause – for example, a user clicking a link, browsing a website or installing a program from a dubious source on their computer.


Purple teaming is a collaborative exercise between the client and us. It involves our Foregenix team performing a set of TTPs from our Red Teaming methodology in an environment that is fully controlled and monitored by a defensive team. The defensive team can be fully manned by the client or contain analysts from our Foregenix Threat Intelligence Group (TIP).

The goal of this service is to help identify gaps in monitoring controls and to model adversarial activities in the client's internal defensive toolset. This enhances internal capabilities and heightens the internal security of an organisation.

The final deliverable of the Purple Teaming offering is the Playbook that was executed against the monitored infrastructure.



Playbook creation

The list of tests to be executed is agreed upon between the client and us. This is based on customer needs but can also take into consideration the industry the client operates in and the threat actors targeting that industry.


Playbook modelling

We model the tests and the client’s environment in its internal toolset. Any additional tests that are part of the defined Playbook are developed in this stage.



Playbook execution

The defined tests are executed in the monitored environment.



Gap identification

Gaps in monitoring are identified. We can aid in guiding corrective actions as well as providing specialised Threat Intel and Forensics Analysts who can work alongside the client’s team.
