Full-scope red team engagements in Malaysia combining digital attacks, physical penetration testing (badge cloning, tailgating, USB drops), and social engineering — to test your organisation's complete security posture against real-world threats.
A red team engagement is a goal-oriented adversary simulation. Unlike a penetration test — which catalogues vulnerabilities in a defined scope — a red team engagement asks a harder question: can a realistic threat actor reach your Crown Jewels, and would your people, processes, and technology detect and stop them?
nCrypt's red team engagements are full-kill-chain operations. We do not limit our operators to a defined attack surface. We pursue a stated objective — access to the finance system, exfiltration of customer PII, physical entry to the data centre — using any combination of digital exploits, social engineering, and physical intrusion that a real adversary would deploy.
All engagements operate under a signed Rules of Engagement document, an agreed time-window, an emergency abort process, and a get-out-of-jail letter carried by every on-site operator. Nothing moves without written authorisation.
Our red team operations simulate real-world attacks across digital, physical, and human attack vectors.
Physical security testing is conducted by vetted operators under signed Rules of Engagement. Every technique below requires explicit customer authorisation and operates within an agreed time-window with a live emergency contact tree.
Operators attempt to follow authorised staff into controlled areas — lobbies, server rooms, executive floors — without valid credentials. Scenarios range from visitor impersonation to delivery personnel pretexts, all within written Rules of Engagement.
Using long-range RFID readers, operators clone low-frequency (125 kHz HID/EM4100) and high-frequency (13.56 MHz Mifare Classic) proximity card credentials. Cloned badges are used to access target areas and demonstrate the risk of unencrypted card technologies still deployed widely in Malaysian buildings.
Padlocks, pin-tumbler cylinders, door-code panels, and server-rack locks are evaluated under written ROE with explicit time-windows. Objectives are agreed in advance — never destruction, always detection. Findings document how long each bypass takes and what evidence is left behind for defenders.
Custom USB payloads are left in high-footfall areas — car parks, reception desks, break rooms. We measure how many devices are inserted, how quickly, and whether endpoint controls (USB block policies, AV) fire in time. Payloads are safe, non-destructive, and beacon only to nCrypt's controlled listener infrastructure.
Operators conduct walk-throughs using pre-agreed pretexts (vendor visit, fire-safety inspection, job candidate tour) to map physical security controls, CCTV blind spots, door schedules, and staff behaviours. Reconnaissance findings directly inform later physical and digital access attempts within the same engagement.
These rules apply to every nCrypt red team engagement. They are non-negotiable.
A signed scope document and letter of authorisation from the customer's accountable executive must be in nCrypt's possession before any testing — digital or physical — begins.
Locations, systems, personnel, and testing hours are agreed in advance and documented. Operators do not deviate from the agreed scope without a written change request.
A 24/7 abort line connects directly to the customer's named security lead. Any party — operator or customer — can halt all testing immediately. All on-site activity ceases within minutes of an abort call.
Every physical operator carries a printed authorisation letter on the customer's headed paper, signed by the customer's authorised representative. This letter is presented immediately if operators are challenged by security, police, or other third parties.
Six phases covering ROE sign-off through final debrief. Nothing proceeds to the next phase without the prior phase being complete and documented.
Signed scope document, emergency contact tree (24/7 abort line), and a get-out-of-jail letter issued to every on-site operator before any testing begins. Time-windows are agreed per-venue. Nothing physical proceeds without written customer sign-off.
2–3 weeks of passive intelligence gathering: employee profiling, LinkedIn, Maltego entity mapping, exposed credential hunting, physical site photography from public areas, building access schedule observation, and digital perimeter fingerprinting.
Phishing, spear-phishing, vishing, password spraying, and exploitation of externally facing services. Objective is to establish a foothold before any physical presence — mirroring how real threat actors operate.
1–2 days on-site per agreed location. Operators execute tailgating, badge-cloning, USB drops, and lock evaluation attempts under strict time-windows and with the emergency contact tree active throughout.
Once initial access — digital or physical — is established, operators attempt lateral movement toward the agreed objective: Crown Jewels access, data exfiltration proof-of-concept, domain-admin compromise, or physical server access.
Full written report delivered within 10 business days of test completion. Live debrief with the blue team (SOC/IR). Findings mapped to MITRE ATT&CK. Remediation roadmap with ownership, effort, and priority scoring.
Every nCrypt red team engagement produces a structured written report delivered within 10 business days of test completion. The report is accompanied by a live debrief session with the customer's security and operations teams.
Indicative starting prices. Final scope and cost depend on number of locations, target complexity, and duration. All prices are exclusive of SST.
Goal-based engagement (4–6 weeks, from RM 80,000): Single agreed objective (e.g., 'access the payroll server' or 'reach the trading floor'). Full digital + physical kill chain. Ideal for first-time red team customers or specific Crown Jewels validation.
Purple team engagement (8 weeks, from RM 120,000): Collaborative exercise with your defenders present. Offensive actions are announced incrementally to the SOC, allowing real-time improvement of detection rules and response playbooks. Best for maturing blue teams.
Continuous adversary simulation (12 weeks, from RM 180,000): Sustained campaign that mirrors an advanced persistent threat. Multiple objectives, repeated attempts, evolving TTPs. Measures whether your organisation's detection and response improves over time under sustained pressure.
Common questions about red team engagements and physical security testing in Malaysia.
Yes. nCrypt conducts physical red team engagements across Peninsular Malaysia and East Malaysia under strict written Rules of Engagement. Every on-site operator carries a get-out-of-jail letter signed by the customer's authorised representative and an emergency abort contact number that reaches the customer's security lead 24/7. Physical testing — badge cloning, tailgating, lock evaluation, USB drops — proceeds only within the agreed time-window and scope documented in the signed engagement authorisation.
A penetration test is a time-boxed, scoped technical assessment of a defined attack surface — a web application, a network segment, a set of IP ranges. It answers 'what vulnerabilities exist in these systems.' A red team engagement is a goal-oriented adversary simulation across the full attack kill chain — digital, physical, and human — that answers 'can a realistic threat actor reach our Crown Jewels, and would we detect and stop them in time.' Red team engagements are deliberately stealth-oriented; the blue team is not typically informed in advance (except in purple team variants).
Yes, when conducted under signed customer authorisation. The Computer Crimes Act 1997 (CCA 1997) §3 (Unauthorised Access) and §5 (Modification of Computer Contents) create criminal liability for unauthorised access. A properly documented red team engagement — signed authorisation, defined scope, agreed time-window — establishes explicit consent that removes the conduct from CCA 1997 prohibition. nCrypt requires a signed Rules of Engagement document and letter of authorisation before any testing begins. Customers should involve their legal counsel in reviewing the authorisation document if required.
Physical red team operations are conducted by vetted operators under signed Rules of Engagement. All operators are background-checked, operate under nCrypt's direct supervision, and carry customer-issued authorisation letters throughout. We do not claim CREST Physical certification for on-site operators; the engagement authorisation framework is the legal and operational safeguard. Digital components of engagements are led by CREST-certified practitioners.
Before any physical testing begins, we establish an emergency contact tree: a named customer security lead reachable 24/7 by both direct phone and a secondary contact. Every on-site operator has the abort number saved and carries a get-out-of-jail letter printed on the customer's headed paper with the authorised signatory's details. If local security, police, or any third party challenges an operator, the operator immediately presents the letter and calls the abort number. All on-site activities cease and nCrypt notifies the customer's CISO within 30 minutes of any incident.
Digital red team components cover cloud environments (AWS, Azure, GCP, Alibaba Cloud) as part of the initial-access and lateral-movement phases. OT/ICS red team is a specialist sub-discipline — speak to us about scope; engagements that include OT targets require additional safety engineering and are priced separately.
Goal-based engagements run 4–6 weeks from ROE sign-off to report delivery. Purple team engagements run approximately 8 weeks. Continuous adversary simulation runs 12 weeks. These include the OSINT/reconnaissance phase, active testing, and reporting. We do not begin active testing before reconnaissance is complete and the authorisation documents are signed.
Scoped technical assessments that validate specific attack surfaces before or alongside a red team engagement.
Continuous external surface discovery that feeds directly into red team OSINT and reconnaissance phases.
Dark web and threat intelligence monitoring that surfaces adversary targeting activity before red team findings need to be learned the hard way.
Share your scope. We'll respond within 24 hours.
Red team engagements provide the most realistic assessment of your organisation's ability to detect and respond to a determined adversary — digital or physical. Contact us to scope your engagement.