A red team engagement should not just identify active vulnerabilities, but also uncover potential business risks based on real-world adversary capabilities. Our advanced Red Team service addresses the ongoing threats your enterprise faces. We focus not just on immediate tactical risks, but on your most pressing operational challenges to ensure you’re protected both reactively and proactively.

Read Bishop Fox's Red Team Methodology

Bishop Fox’s advanced Red Team methodology helps you explore, analyze, and anticipate risks that extend beyond your technical systems. Using our modular 4 + 1 Core Methodology, we help you proactively uncover and address the biggest security risks your real-world adversaries are most likely to exploit.





Across the security industry, the line between a penetration test and a red team remains somewhat unclear. Many view red team exercises as just less-constrained penetration tests supplemented with physical and social engineering attack vectors.

In many cases, you need more. Seeing across your systems and finding the gaps as adversaries do helps you refine long-term operational requirements, better assess your investments, and enhance your overall security strategy.


Red teams often conflate vulnerabilities and risks. While a vulnerability might leave you open to attack, a risk identifies the impact of it, and the likelihood of an attacker exploiting that vulnerability. This context is crucial. Our red teams model the attackers’ motivations and preferences so we can identify their preferred plan of attack on your systems and tell you more about your operational risks.


We identify sources of risk by first creating a detailed pre-attack plan that addresses the target system’s technology, people, processes, and functions. Our analytical toolkit then allows us to build a blueprint that goes beyond the typical find-and-fix methodology. This allows you to anticipate, chart, and proactively track broader sources of security risk.


THE 4 + 1 CORE

Building on our pre-attack analysis, the 4 + 1 Core methodology combines one or more of our four engagement approaches to uncover the most vulnerable parts of your potential attack space. The 4 + 1 Core is designed to be highly flexible so we can design an engagement that effectively explores the full target system.

Assumed Breach

An assumed breach engagement begins with an advantageous foothold within your organization to simulate scenarios in which an attacker has already breached the target system. Simulating an assumed breach can save your team time and money during the “live” attack phase and allow you to focus on key phases of the attacker lifecycle. This process can help identify opportunities for assumed breach scenarios.

Purple Teaming

During a purple team engagement, we work cooperatively with your blue team to test and improve your defensive systems, capabilities, and controls. The goal is to evaluate the blue team’s ability to detect and respond to simulated attacks.

Adversary Simulation

Adversary simulation is the art of adopting attacker personas—their thoughts, goals, agendas, and actions to demonstrate real-world risks. While many red teams simulate adversary tactics and techniques on the technical plane, we do more. By profiling an attacker's operational preferences and behaviors in addition to their technical capabilities, we show you what an adversary would prefer to do in each scenario, not just what an attacker could do.

Resilience Assessment

Resilience assessment is the most complex and unique of the four approaches. The objective is to assess your team’s ability to respond quickly and effectively to an event, contain that event, and ensure the continuity of business operations. We assess your defenses by measuring the effectiveness of defensive countermeasures, gauging the operational value of defensive processes designed to prevent compromises or breaches, and estimating the risk to critical information or the ability to conduct business operations.


The tabletop is a facilitated event designed to help you explore and roadmap issues, challenges, and responses. They are commonly used to "game" or test your responses to potential scenarios. They are also useful for educating stakeholders and building awareness of tactical, operational, and strategic security challenges within your organization.

Related Content

Ready for a 
Red Team?

Reach out today to see how our advanced Red Team service can help improve your security posture.