A red team simulates a real-world adversary, using the same TTPs as actual threat actors, to test an organization's detection and response capabilities realistically.
Red team ≠ pen test. Pen test = find all vulnerabilities. Red team = achieve specific objectives while evading detection, mirroring a real APT. Red teams test the blue team, not just technical controls.