Planning a red-team exercise

The red-team exercise is not just a mere pentest; it's an adversary attack simulation exercise that allows us to assess the following:

• If the organization can detect the attack or not
• If an organization is able to contain/ restrict the attack after detection
• If the organization can protect their business critical assets from the red teamers or not
• How the defenders of an organization perform an incident response in the event of such attacks

Before getting into the planning phase of the red-team exercise, first you need to understand the concept of the cyber kill chain.