AlgoSecure Audit Red Team is a red team assessment service that simulates real-world attacks against an organization's information system and employees. Unlike a traditional penetration test, which focuses on exhaustive vulnerability discovery within a defined perimeter, this service targets a broader ecosystem including IT infrastructure and personnel, with fewer scope restrictions. The service is structured around a set of attack scenarios and objectives defined jointly by AlgoSecure and the client, based on the client's industry and identified risks. Engagements are conducted over an extended period (typically several months) with only a limited number of client employees informed, in order to test security under realistic conditions. The methodology is divided into five phases: - **Reconnaissance:** Broad information gathering including mapping public-facing IT resources, identifying personnel via company websites and social media, targeting privileged accounts (admins, IT support), identifying less security-aware staff, and discovering technologies via job postings. - **External resource attacks:** Assessment of externally exposed assets, equivalent to an external audit and web application audit. - **Social engineering:** Attempts to exploit human vulnerabilities through spear phishing emails, vishing (calls impersonating IT support), malicious USB drops, and fake flyers targeting employees. - **Physical infiltration:** Non-destructive intrusion into client premises to test physical access controls and connect a network implant via service doors, windows, or impersonation of delivery personnel. - **Internal network attacks:** Once a network implant is connected, an internal LAN audit is conducted to assess internal network security.