Cyber Red Team Checklist

Objective

A red team exercise is a controlled adversarial simulation designed to test an organization's defenses by emulating real-world threat actors. Unlike a vulnerability scan, a red team exercise tests the full chain: technical controls, human responses, detection capabilities, and organizational decision-making under pressure. This SOP provides the operational checklist for planning, scoping, executing, and debriefing an exercise, so that scope creep is prevented and findings are highly actionable.

Threat Model Selection

EXTERNAL

Starting position: the public internet. No credentials, no insider knowledge beyond OSINT. Tests perimeter defenses, application security, and phishing resilience.

INSIDER

Starting position: a valid employee credential. Tests internal segmentation, privilege escalation detection, lateral movement, and data exfiltration controls.

PHYSICAL

Starting position: the parking lot. No badge. Tests access controls, front-desk protocols, and the convergence points where physical access enables cyber compromise.

SUPPLY CHAIN

Starting position: access equivalent to a trusted vendor. Tests third-party access controls and the trust assumptions embedded in your supply chain.

Execution & Guardrails

01 / Rules of Engagement

Explicitly defining in-scope targets, authorized techniques, emergency halt procedures, and the exact boundaries of the engagement window.

02 / The Golden Rule

If the red team discovers evidence of an actual, non-simulated compromise, testing stops immediately and the exercise transitions into real incident response.

03 / Psychological Safety

Prohibition of techniques causing lasting harm, such as fake termination notices or impersonating law enforcement. The objective is to test processes, not traumatize individuals.

04 / Blameless Debrief

Overlaying the red team attack narrative with the blue team detection timeline to pinpoint gaps without assigning blame, followed by a mandatory 90-day retest.

Full Manual Contents:

  • Rules of Engagement (ROE) Template
  • Phishing Simulation Tiers
  • Physical Breach Safety Protocols
  • Real-Time Logging Requirements
  • The Blameless Post-Mortem
  • Remediation Verification & Retesting