
Pandas, Bears and Threat Actors: Why Red Teaming Goes Beyond CVEs


Why are there a panda and a bear in our current social media banners?
They are not random mascots – they represent real-world threat actors (e.g., China-based APT “Panda” groups and Russian “Bear” groups) that define modern cyber conflict. Each has its own patterns, tools, and attack paths. To defend effectively, you must understand who might attack you – and how they operate.

[Image: Panda and Bear (APTs)]

The Problem with CVE Lists

Most security assessments still produce long lists of CVEs and vulnerabilities.
But here’s the truth:

  • Attackers don’t think in CVEs; they think in attack paths.

  • A “critical” CVE might be irrelevant to your threat model, while a low-scoring weakness could be the easiest way in.

  • Compliance-driven security leaves gaps that real attackers love.

Red Teaming: Thinking Like a Threat Actor

Exploit Labs’ red teams emulate specific threat actors (like Panda or Bear) to benchmark your defenses against real-world attack chains:

  • Who is likely to target your industry or region?

  • Which techniques (MITRE ATT&CK) do they use to gain persistence and escalate privileges?

  • How does your detection stack respond to these tactics?

By emulating relevant adversaries, we find attack paths, not just vulnerabilities. We then help you disrupt those paths and harden your environment against the actors who matter most to you.

Know Your Enemy, Disable Their Playbook

When we red team your environment, we look for:

  • Credential theft and lateral movement paths.

  • Misconfigured MFA or legacy systems that bypass your controls.

  • Shadow IT and hidden attack surfaces that threat actors exploit.

Our focus: shut down the techniques that real attackers would use, so your security isn’t just compliant – it’s resilient.

The Legendary Conti Playbook

In 2021, the playbook of the Conti Ransomware Group was leaked.
This document offered unprecedented insights into how the group planned and executed its ransomware attacks. For defenders, it became more than just a glimpse behind the curtain—it served as a concrete guideline for testing and hardening environments against such real-world attack strategies.

This is where red teaming fundamentally differs from penetration testing:

  • Red teaming is about emulating and disrupting targeted attacks—simulating how actual threat actors (like Conti) would operate.

  • Penetration testing, on the other hand, aims to identify as many vulnerabilities as possible, often without focusing on specific threat models.

Both approaches are valuable. Both have their place.
But it is crucial to understand the difference and to use these tools appropriately—knowing when to hunt for every potential weakness and when to test your resilience against real-world attack paths.

[Image: heatmap]
We emulate the tactics of real APTs to test and fortify your defenses. Ready to see how red teaming can safeguard your business?