Red Teaming

Realistic attack simulation against agreed business objectives.

Red team engagements test how controls, people, and processes perform against realistic adversary behaviour while remaining controlled and measurable. Physical site scenarios can be included where explicitly authorised.

Engagement detail

Controlled scenarios with measurable outcomes

Objective-led scenarios

Engagements are built around agreed outcomes such as accessing sensitive data, proving a route to compromise, or testing detection paths.

Controlled execution

Rules of engagement define allowed activity, escalation points, emergency stop conditions, and communications.

Detection observations

Findings include what was visible to defenders, where telemetry was missing, and where controls slowed or stopped progress.

Physical site scenarios

Authorised scenarios can test visitor controls, tailgating, badge processes, restricted area access, and response escalation.

Board-ready reporting

Reports explain business impact and control effectiveness as well as technical detail.

What it is

Red teaming is an objective-led simulation of realistic adversary activity. It tests whether people, process, technology, and monitoring can prevent, detect, and respond to a controlled attack path.

Who it is for

Red teaming is best suited to mature organisations that already have security monitoring, incident response, and identity controls, and whose executive stakeholders want evidence of how resilience holds up against realistic scenarios.

Important controls

  • Written authorisation and rules of engagement
  • Trusted contacts and emergency stop process
  • Clear business objectives and exclusions
  • Deconfliction with internal defenders where required

Prerequisites

Prepare objectives, permissions, and safety controls

Red team preparation focuses on legal authorisation, trusted contacts, target objectives, permitted techniques, deconfliction, escalation routes, and emergency stop conditions. Physical scenarios also require site scope, permitted hours, safety constraints, and a signed letter of attestation.

Red team prerequisite pack

PDF checklist for objectives, authorisation, trusted contacts, permitted activity, and safe execution.

FAQ

Red teaming questions

How is red teaming different from penetration testing?

Penetration testing focuses on finding and validating weaknesses in an agreed scope. Red teaming tests realistic attack paths against prevention, detection, response, and organisational resilience.

Can physical scenarios be included?

Yes. Physical penetration testing can be included where there is written authorisation, clear site scope, permitted hours, safety constraints, and an agreed letter of attestation.

Who knows about the exercise?

This depends on the rules of engagement. Some exercises are closely held, while others are deconflicted with selected trusted contacts for safety and incident control.

What safety controls are used?

Rules of engagement define permitted techniques, exclusions, escalation routes, emergency stop conditions, data handling, and named contacts who can pause or stop activity.

What do we receive at the end?

Outputs normally include an attack narrative, mapped objectives, evidence, detection and response observations, control gaps, and prioritised improvement recommendations.