Red team and adversary simulation for Australian organisations

dotSec conducts collaborative red team exercises designed for organisations with mature security controls. Instead of black-box engagements that measure the red team's OPSEC skill rather than the organisation's defensive capability, dotSec structures engagements as multi-stage exercises where offensive and defensive teams work iteratively to validate and improve detection and response. This produces more useful outcomes for organisations that have already invested in baseline security controls.

Why conventional red teaming often fails

In a mature environment, a black-box red team engagement typically produces one of two outcomes: the tester finds a gap the blue team already knows about, or the engagement spends most of its time demonstrating OSINT capability against LinkedIn and staff profiles. Neither outcome justifies the investment.

The problem is structural. Black-box red teaming measures how well the red team can evade detection, not how well the blue team can detect adversary behaviour. For organisations that have already implemented endpoint detection, centralised logging, and alert triage, this produces theatre rather than insight.

dotSec’s model is designed to stress-test specific controls, document detection boundaries, and produce calibrated findings that both red and blue teams can act on.

How dotSec structures a red team engagement

dotSec’s red team engagements are structured as multi-stage exercises with defined objectives at each stage. Stages currently delivered include:

  • Email content filter bypass testing: iterative payload development and detection boundary mapping across email security controls.
  • Assumed breach and EDR boundary testing: progressive payload capability testing to calibrate SOC detection thresholds under controlled conditions.
  • Active Directory Certificate Services (ADCS) misconfiguration assessment: certificate template and identity trust assessment for exploitable weaknesses, aligned to SpecterOps Certified Pre-Owned research.
  • Application whitelisting assessment: trusted path abuse, script interpreter gaps, and DLL loading weaknesses.
  • Internal social engineering from legitimate account positions: simulates insider threat and post-compromise lateral movement, complementing dotSec’s social engineering and phishing exercises.
  • AI and Copilot prompt injection: direct and indirect prompt injection testing aligned to the OWASP LLM Top 10 and MITRE ATLAS. See also dotSec’s dedicated AI penetration testing service.
  • Data exfiltration testing: across multiple channels including email, cloud storage, DNS, and HTTP.

Each stage is scoped against your environment and objectives. Not all stages apply to every engagement.

Purple teaming and collaborative exercises

dotSec’s red team model operates as a purple team exercise. Each stage concludes with a findings review where red and blue teams compare timelines, review detection events, and document what was detected, what was missed, and where the detection threshold sits. The goal is calibration, not a surprise reveal.

This structure suits organisations that have been through conventional red teaming and found the outcomes limited. It directly supports blue team improvement and provides measurable evidence of what controls work and what needs attention. Findings are classified using MITRE ATT&CK technique references and reported with CVSS v4.0 severity ratings.

Organisations using this model as part of a maturity programme may also benefit from dotSec’s Essential Eight assessments and CIS 18 assessments, which provide a framework for measuring control effectiveness before and after red team exercises.

Custom tooling

dotSec develops its own payloads, proof-of-concept malware, and EDR evasion techniques in-house. Engagements do not rely on off-the-shelf commercial frameworks, which means detection signatures written for commodity tools do not apply.

Detection boundary mapping

The value of a red team engagement is not in proving a bypass exists but in documenting exactly where detection starts and stops. dotSec produces detection boundary maps that the blue team can use to prioritise alert development and control improvement.
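As an added illustration of the stage findings review and the detection boundary map described above (example code, not dotSec's own tooling), the following records each payload variant from a progressive capability ladder against its ATT&CK technique and works out, per technique, where detection stopped. The technique ids, ladder levels, variant labels and alert outcomes are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TestRun:
    technique: str   # MITRE ATT&CK technique id, e.g. T1059.001
    level: int       # capability ladder position, 1 = simplest variant
    variant: str     # short label for the payload variant
    detected: bool   # did the blue team raise an alert for this run?

# Constructed sample results for one assumed-breach / EDR stage (not real data).
SAMPLE_RUNS = [
    TestRun("T1059.001", 1, "baseline variant", True),
    TestRun("T1059.001", 2, "obfuscated variant", True),
    TestRun("T1059.001", 3, "in-memory variant", False),
    TestRun("T1059.001", 4, "custom runtime variant", False),
    TestRun("T1003.001", 1, "commodity tool variant", True),
    TestRun("T1003.001", 2, "built-in binary variant", False),
    TestRun("T1003.001", 3, "custom tool variant", True),  # detected above a miss
    TestRun("T1071.004", 1, "DNS TXT beacon", False),
]

def boundary_map(runs):
    """Map each technique to its detection boundary.

    boundary: highest level detected before the first miss (0 = never detected).
    misses: variants that produced no alert, for the blue team's backlog.
    inconsistent: a detection sits above a miss, which usually means the alert
    keys on an artefact of one variant rather than on the behaviour itself.
    """
    by_technique = {}
    for run in runs:
        by_technique.setdefault(run.technique, []).append(run)
    result = {}
    for technique, tech_runs in by_technique.items():
        ordered = sorted(tech_runs, key=lambda r: r.level)
        first_miss = next((r.level for r in ordered if not r.detected), None)
        boundary = max((r.level for r in ordered
                        if r.detected and (first_miss is None or r.level < first_miss)),
                       default=0)
        result[technique] = {
            "boundary": boundary,
            "misses": [r.variant for r in ordered if not r.detected],
            "inconsistent": first_miss is not None
            and any(r.detected and r.level > first_miss for r in ordered),
        }
    return result

def prioritise(bmap):
    """Order techniques for alert development: lowest boundary first, then
    inconsistent detections, so complete blind spots come before tuning work."""
    return sorted(bmap, key=lambda t: (bmap[t]["boundary"], not bmap[t]["inconsistent"]))

if __name__ == "__main__":
    bmap = boundary_map(SAMPLE_RUNS)
    for technique in prioritise(bmap):
        print(technique, bmap[technique])
```

An "inconsistent" technique is worth a second look in the findings review: a signature that fires on a more capable variant but not a simpler one is usually matching an incidental artefact rather than the behaviour the blue team intended to catch.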

ADCS and identity testing

Active Directory Certificate Services misconfigurations remain one of the most impactful attack paths in mature Windows environments. dotSec assesses certificate template configurations and identity trust relationships for exploitable weaknesses, aligned to current SpecterOps research on privilege escalation and persistence.

AI and Copilot testing

For organisations deploying Microsoft Copilot or other AI systems internally, dotSec tests whether prompt injection (direct and indirect) can surface data beyond intended access boundaries. Testing aligns to the OWASP LLM Top 10 and MITRE ATLAS, and complements dotSec’s dedicated AI penetration testing service.

Red team FAQ

What is the difference between red teaming and penetration testing?

A penetration test targets a defined scope and seeks to identify and exploit vulnerabilities within that scope. Red teaming is broader: it simulates a motivated attacker operating across the entire environment, using multiple attack vectors, with the goal of testing detection and response capability. dotSec’s red team engagements are structured as collaborative exercises to maximise the value of each stage.

Red teaming is most valuable for organisations that already have mature security controls and want to validate that those controls work under adversarial conditions. If an organisation has not yet conducted penetration testing or addressed basic hygiene (patching, MFA, endpoint protection), a penetration test is a more appropriate starting point. dotSec can advise on which approach suits your current maturity level.

Scope determines duration. A typical multi-stage collaborative exercise runs over several weeks to months, with stages conducted sequentially or in parallel where dependencies allow. Each stage concludes with a findings review before the next begins. dotSec will scope the engagement to match your objectives and budget.

Engagement methodology aligns to MITRE ATT&CK for technique classification, SpecterOps Certified Pre-Owned research for ADCS testing, OWASP LLM Top 10 and MITRE ATLAS for AI-related testing, and CISA red team advisory publications for scenario design. Findings are reported with CVSS v4.0 severity ratings.

What next?

If your organisation has mature security controls and wants to validate them under adversarial conditions, or if you have been through conventional red teaming and found the outcomes limited, dotSec can design an engagement that produces practical results. Contact us to discuss your objectives, or read about our penetration testing services as a starting point.
