This page is fully or partially automatically translated.

Send message to

Do you want to send the message without a subject?
Please note that your message can be maximum 1000 characters long
Special characters '<', '>' are not allowed in subject and message
reCaptcha is invalid.
reCaptcha failed because of a problem with the server.

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

action image header it logic
Forums it-sa Expo Knowledge Forum E

WBRT® - White Box Red Teaming

With WBRT®, an infrastructure can be examined from an attacker's point of view without risk. Advantage and benefit are presented.

calendar_today Tue, 25.10.2022, 13:30 - 13:45

event_available On site

Action Video


Action description







Data security / DLP / Know-how protection Governance, Riskmanagement and Compliance Network Security / Patch Management



This action is part of the event Forums it-sa Expo

Action Video

grafischer Background

This video is available to the it-sa 365 community. 
Please register or log in with your login data.

Action description

WBRT® - White Box Red Teaming is an innovative approach to overcome the limitations of penetration testing without taking the risks of classic red teaming.

In a penetration test, an attacker scenario is defined, usually by the organization being tested. At a minimum, an attacker scenario consists of:

Attack target (e.g., the new web store).
Methodology (e.g., checking the application server via a vulnerability scan or checking the web store via an application scan)
Authorization scenario (e.g. customer of the store, but not administrator)

Red Teaming involves defining a content objective, such as taking control of a control system. The Red Team usually comes from the outside as an attacker and is free to choose its attack targets and methodology. The goal here is to find out if the Blue Team, i.e. the defense, can detect and repel the attacks. Since the attacks are unannounced and take place over a long period of time, the Blue Team must be active around the clock.

Red Teaming therefore has - in contrast to penetration testing - the great charm of looking at an organization as a whole and not at individual systems, networks or applications in isolation.

However, real Red Teaming also has the inherent disadvantage of incalculable risks. For example, due to the necessary lack of knowledge about the criticality of a target system in the scenario, processes relevant to the company can be disrupted. In addition, the effort and thus the costs are very high.

The WBRT® - White Box Red Teaming approach uses the openness of the Red Teaming approach without incurring risks or extreme costs. Likewise, a Blue Team is not mandatory. The process is simplified in the following:

* Definition of the "Holy Grail": The target organization provides the content specification of what is to be achieved, e.g., control of a control system in production.* Research phase (Open Source Intelligence, OSINT): In this optional step, the organization is reconnoitered in advance. The goal is to research as much as possible about potential attack surfaces and reconcile the results with the internal state of knowledge. For example, there are always test servers or marketing campaigns that are still active, either unknown or by mistake.
* White Box Red Teaming Workshop: The workshop takes place with a comparatively large group of participants from the target organization. All relevant technical contacts, such as network administrators, server and client administrators, and possibly also other experts such as SAP specialists, are represented. In the workshop, attack scenarios designed by the external Red Team are jointly discussed and documented.
* Next steps: In most cases, the white box red teaming results in a sufficient number of optimization steps that a catalog of measures is first defined and implemented by the target organization. In some cases, attack options are also derived, where a real implementation is considered to provide insight.
... read more

Language: German

Questions and Answers: No


show more



This content or feature is available to the it-sa 365 community. 
Please register or log in with your login data.