White Box Red Teaming - WBRT®

WBRT® - White Box Red Teaming is an innovative approach to overcome the limitations of penetration testing without taking the risks of classical Red Teaming.

The WBRT® - White Box Red Teaming approach leverages the openness of the Red Teaming approach without incurring risks or extreme costs. Likewise, a Blue Team is not mandatory. The process is presented in a simplified way in the following:

• Definition of the "Holy Grail": The target organization provides the content specification of what is to be achieved, e.g., control of a control system in production.
• White Box Red Teaming Workshop: The workshop takes place with a comparatively large group of participants from the target organization. All relevant technical contacts, such as network administrators, server and client administrators, and possibly also other experts such as SAP specialists, are represented. In the workshop, attack scenarios designed by the external Red Team are jointly discussed and documented.
• Next steps: In most cases, the white box red teaming results in a sufficient number of optimization steps that a catalog of measures is first defined and implemented by the target organization. In some cases, attack options are also derived, for which a real implementation is considered to yield insights