Crown jewels
Goals are the crown jewels, usually represented by flags.
Depending on resources available, a red team exercise can be run in several ways:
Full Engagement: Simulate an attacker’s full workflow, from initial compromise until final goals have been achieved.
Assumed Breach: Start by assuming the attacker has already gained control over some assets, and try to achieve goals from there. As an example, the red team could have as goal access to some user’s credentials or even a workstation in the internal network.
Table-top Exercise: An over the table simulation where scenarios are discussed between the red and blue teams to evaluate how they would theoretically respond to certain threats. Ideal for situations where doing live simulations might be complicated.