Home/Services/Red Team Services
SERVICE · KIGALI, RWANDA

Red team services for banks, telecoms, and government

A red team exercise simulates a realistic adversary pursuing specific objectives, reaching a payment system, exfiltrating customer records, while evading your detection and response. We run objective-based red team operations for regulated institutions across Rwanda, East Africa, and the wider continent, led by a practitioner with red-team experience inside a Tier-1 Nordic bank. And if a penetration test is the better first step for your maturity, we say so before you spend.

Led by: Tier-1 Nordic bank red-team experience | OSCP-credentialled practitioner | Objective-based adversary simulation | Evidence-led attack narrative
Book a Free Call

What a red team exercise tests

01

Objective-based

The exercise targets agreed objectives, the systems and data a real attacker would come for, not a list of hosts.

02

Detection and response measured

The deliverable shows what your SOC detected, when, and what moved through your environment unseen.

03

People, process, technology

A red team tests the whole defence: monitoring coverage, escalation paths, and response decisions, not just software flaws.

04

Honest scoping

If your last penetration test left critical findings open, a red team is premature. We tell you which engagement fits, first.

What this is

A penetration test answers "what vulnerabilities exist in these systems?" A red team exercise answers a different question: "can a determined adversary reach our crown jewels, and would we notice?" Our operators pursue agreed objectives over weeks, chaining access the way a real attacker would and working around your monitoring, while a small control group (the white cell) oversees the exercise. The full distinction, including a maturity model for deciding between the two, is in our guide to red team vs penetration testing.

Our red team work is led by an OSCP-credentialled practitioner whose engagement history includes red-team operations inside a Tier-1 Nordic bank, alongside penetration testing for a pan-African banking group, a top-5 South African bank, and a securities-trading firm. That is the operating context your exercise is modelled on: a regulated bank with a real SOC, not a lab.

Methodology

Scenario design

We agree objectives, the threat model, rules of engagement, and the white cell. Scenarios run external-first or assumed-breach, where we start from an agreed foothold so the exercise measures detection and response rather than perimeter luck.

Execution

Manual, covert operation toward the objectives: initial access, privilege escalation, lateral movement, and staged exfiltration tests, with every action logged and critical exposures escalated to the white cell immediately.

Reporting

A full attack narrative mapped to MITRE ATT&CK techniques, a detection timeline of what your team saw versus what they missed, and prioritised fixes for both vulnerabilities and monitoring gaps.

Debrief

A joint walkthrough with your defenders, technique by technique. Where it adds value, we replay key techniques as a purple-team session so your SOC builds detections on the spot.

Who this is for

Red teaming is for mature security teams: institutions that already test regularly, have remediated the major findings, and now need to know whether their detection and response hold up against a live adversary.

If you have not yet built that baseline, start with our penetration testing service and an incident response plan, then come back to red teaming when there is a detection capability worth measuring. That sequencing advice is free and we give it on the first call.

Deliverables

Frequently asked questions

What is the difference between a red team exercise and a penetration test?
A penetration test finds as many vulnerabilities as possible within a defined scope and timeframe. A red team exercise simulates a realistic adversary pursuing specific objectives, such as reaching a payment system or exfiltrating customer records, while evading detection. A red team tests your defences across people, process, and technology, not just the systems in scope. Our full comparison guide covers the decision in depth.
Is our organisation ready for a red team exercise?
You are ready if you have run penetration tests, remediated the major findings, and operate a SOC or security-monitoring capability whose detection and response you now want to measure. If critical findings from your last penetration test remain open, fix those first: a red team against an unhardened environment proves little and costs more. We will tell you which one fits before you spend.
How long does a red team engagement take?
Typically 4 to 8 weeks, depending on the objectives, the scenario model (external or assumed breach), and the size of the environment. A standard penetration test runs 1 to 6 weeks by comparison.
Will our security team know the exercise is happening?
Only a small control group (the white cell) knows: typically the CISO and one or two senior stakeholders who can authorise activity and stand the exercise down if needed. The SOC and wider security team do not know, because measuring their unrehearsed detection and response is the point of the engagement.
Does a red team exercise satisfy the BNR annual penetration testing requirement?
Treat them as separate obligations. BNR Regulation N°50/2022 requires supervised institutions to run a penetration test at least once a year, and a red team exercise produces a different kind of evidence: an attack narrative and detection findings rather than full vulnerability coverage. We scope the two separately so each filing stands on its own; confirm the acceptable evidence format with your examiner. See our BNR-compliant penetration testing service for the regulatory engagement.
How much does a red team exercise cost?
Every engagement is scoped individually against your objectives, scenario model, and environment. Red team exercises cost more than a standard penetration test because they run longer and involve scenario design and custom tooling. Tell us what you want to test and we respond with a scoped quote.
Can we run a purple team exercise instead?
Yes. In a purple team format, our operators execute attack techniques while your defenders practise detection and response in real time, with a debrief after each technique. It trades the realism of a covert exercise for faster, more direct learning, and it suits teams building out their detection capability.

Not sure which engagement your institution needs? Start with the maturity model in our red team vs penetration testing guide, or see the full scope of our manual testing on the penetration testing service page.

Ready to test your defences, not just your systems?

Tell us your objectives and your current testing history. We reply within 24 hours with an honest recommendation, and a scoped proposal follows within 48 hours of the scoping call.

Book a Free Call WhatsApp us
Chat on WhatsApp Chat with us