
Your Last Red Team Tested the Wrong Attack


If your most recent red team engagement focused on malware execution, lateral movement across endpoints, and noisy intrusion chains (and the report came back clean), it’s worth asking what wasn’t tested.

The traditional playbook still gets used, and defenders still have to catch it. But advanced attackers have added a second layer on top of it: identity-centric work, slow-and-quiet movement that fragments behavioral telemetry, and cloud governance abuse that does not generate the kind of telemetry your endpoint stack was built to detect. If the engagement only tested the first layer, a clean report only covers half the picture, and you have a gap. The next test needs to close it.

I run offensive engagements for Bitdefender. Allow me to explain what I see when an organization asks for a red team that looks like the last one they ran three years ago, and why that scope no longer covers the full threat.


The Actual Offensive Playbook Today

Advanced attackers are less often “breaking in” and more often becoming you. Malware execution on endpoints still happens, but the high-value attack paths have widened to include session hijacking, token theft, and MFA bypass through OAuth abuse (attackers exploit application consent flows to inherit user permissions without triggering MFA challenges).

Threat actors also use SSO compromise via phishing or leaked credentials, and cloud identity takeover through excessive permissions or federated trust exploitation (attackers leverage external identity providers trusted by the target to inherit access without direct credential theft). The goal at this layer is to inherit legitimate access rather than force illegitimate access. As a result, an engagement that fails to probe identity compromise produces unrealistically easy results, because it tests only the layer that attackers expect to be hardened.

Findings from a Recent Red Team Engagement

During the initial access phase of a recent engagement, our traditional payload phishing attempts (modern delivery techniques like ClickFix and FileFix) were caught by the customer’s endpoint security stack. The endpoint defense worked as designed. But the same target’s conditional access policy was permissive enough that we abused the OAuth flow to hijack user sessions and reach one of their SaaS platforms without ever needing a payload to land. The endpoint test came back clean, unable to find this type of gap.

The identity test, had it been run, would have surfaced a real exposure and enabled the gap to be found and closed.

The attack shift is structural, not trendy. Defensive tooling has raised the cost of noisy endpoint intrusion: behavioral detection catches anomalous process trees, and dynamic attack surface reduction blocks unapproved tools.

Attackers responded by adding paths that move away from the ground defenders hardened first. The identity and access layer is one of them, where behaviors look legitimate because the credentials are legitimate. A red team engagement that still centers on endpoint compromise is testing yesterday’s defensive posture against an offensive surface that has grown wider.

The Slowness Discipline

Identity-centric operations require being slow and human. Delayed actions across days or weeks. Staggered movement between sessions. Operational mimicry of working hours and keyboard rhythms. Throttled exfiltration bandwidth. Residential proxy infrastructure (connections routed through real home ISP addresses rather than datacenter IPs or cloud VPSs, making them indistinguishable from legitimate remote workers). Less automation, more hands-on keyboard work. What’s the result of all this? Telemetry fragments into user activity that defenders see every day, rather than clustering into the kind of timeline correlation that detection engines catch.

Here's a practical example: Lightweight Directory Access Protocol (LDAP) enumeration. The BloodHound and SharpHound approach pulls a directory in one programmatic sweep. Fast, complete, and a telemetry spike that any tuned correlation engine will catch. However, targeted manual queries against specific objects, spaced across days and folded into normal session activity, will surface the same intelligence without the spike. Same operator goal. Same intelligence collected. Different telemetry footprint, and the slow path is far less likely to register as anomalous.

This is the current discipline sophisticated attackers bring, not a technique they have moved past. 

The AI Paradox

Defensive AI correlates behavior over a very long time frame, enabling it to connect actions across days or weeks that short-term anomaly detection would miss. This is making slow-and-quiet operations harder for attackers. You can be careful and still get caught, and AI has a better memory than a human. It correlates actions across weeks that a SOC analyst reviewing daily logs would never connect. That raises the difficulty bar for attackers who rely on temporal fragmentation, and they are becoming more focused on staying below detection thresholds.

But this pressure does not make slowness obsolete. It forces attackers to get more sophisticated: better operational mimicry, tighter adherence to normal working patterns, even longer delays between stages. The AI escalation is real. The response is escalation in return, not retreat. Red teams that do not replicate this pressure produce unrealistic results. If your last red team operated at automation speed and your defenses passed, you should ask another question: Would our defenses pass against an attacker willing to spend weeks fragmenting their work, as they create patterns our AI treats as normal user behavior?
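The LDAP example above and the correlation-window point in this section can be shown side by side. The following is an added illustration, not code from the original post or from Bitdefender: the same constructed query log is run through the same distinct-object rule with a one-hour window and a thirty-day window. Account names, distinguished names and the threshold of five objects are all invented for the sample.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed LDAP query audit lines (sample data, not real telemetry):
# ISO timestamp, account, distinguished name of the object queried.
SAMPLE_LOG = """\
2026-05-01T09:12:04 jdoe CN=Domain Admins,CN=Users,DC=corp,DC=example
2026-05-01T09:13:40 jdoe CN=svc-backup,OU=Service,DC=corp,DC=example
2026-05-03T10:02:11 jdoe CN=Enterprise Admins,CN=Users,DC=corp,DC=example
2026-05-06T14:47:55 jdoe OU=Tier0,DC=corp,DC=example
2026-05-09T11:20:30 jdoe CN=DC01,OU=Domain Controllers,DC=corp,DC=example
2026-05-12T16:05:00 jdoe CN=svc-sql,OU=Service,DC=corp,DC=example
2026-05-15T08:59:42 jdoe CN=Schema Admins,CN=Users,DC=corp,DC=example
2026-05-02T09:00:00 asmith CN=asmith,OU=Staff,DC=corp,DC=example
2026-05-02T09:01:00 asmith CN=Printers,OU=Resources,DC=corp,DC=example
"""

def parse(log):
    """Turn the text lines into (timestamp, account, dn) tuples."""
    events = []
    for line in log.splitlines():
        ts, account, dn = line.split(" ", 2)
        events.append((datetime.fromisoformat(ts), account, dn))
    return events

def flag_enumerators(events, window, threshold):
    """Return accounts that queried at least `threshold` distinct directory
    objects inside some sliding window of length `window`."""
    by_account = defaultdict(list)
    for ts, account, dn in events:
        by_account[account].append((ts, dn))
    flagged = set()
    for account, rows in by_account.items():
        rows.sort()
        for i, (start, _) in enumerate(rows):
            seen = {dn for ts, dn in rows[i:] if ts - start <= window}
            if len(seen) >= threshold:
                flagged.add(account)
                break
    return flagged

EVENTS = parse(SAMPLE_LOG)
# One-hour window, as a short-horizon correlation rule would use: a bulk
# SharpHound-style sweep would trip it; the spaced manual queries do not.
HOURLY = flag_enumerators(EVENTS, timedelta(hours=1), threshold=5)   # -> set()
# Thirty-day window: the same seven objects, spread over two weeks, now cluster.
MONTHLY = flag_enumerators(EVENTS, timedelta(days=30), threshold=5)  # -> {'jdoe'}
```

The only difference between the two calls is the correlation horizon, which is the property the section attributes to long-memory defensive AI.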

Cloud Governance as the New Frontier

Attackers are also probing places where defensive AI is structurally weakest: cloud governance gaps. This includes things like IAM persistence via native mechanisms, excessive permissions that grant more access than job function requires, and federated trust relationships that inherit external identity without verification.

These are governance problems, not technical problems. They do not generate the kind of endpoint telemetry that behavioral detection catches because they operate through legitimate cloud control planes using legitimate credentials.

Here’s a real-world instance: Authentication and Persistence. During a pre-Bitdefender engagement, a red team exercise focused on a “cloud-to-on-prem” pivot at a company using Google Cloud Platform (GCP). On a compromised user’s local system, we found a privileged GCP service account key. We used that key to authenticate as the service account directly from outside the customer’s premises. The telemetry in place at the time did not cover that authentication path, so it went undetected.

And once we held the key, we no longer needed an internal foothold at all. Persistence lived outside the perimeter, in a credential that could be reused from anywhere, indefinitely, by whoever held it. That is the shape of governance-gap persistence: not malware on a host, but a credential artifact that grants legitimate-looking access with no host activity to flag.

Modern red team engagements push into this layer. An endpoint-focused engagement misses it entirely. If your last engagement scoped around host-level intrusion and did not test whether an attacker with valid cloud credentials could create persistent access through IAM role modification or federation abuse, you have not tested the path advanced attackers are walking today.
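The GCP engagement above turned on two things the telemetry did not cover: a user-managed service account key authenticating from outside the premises, and a credential that could be minted again as a fresh persistence artifact. As an added example that is not part of the original post or of Bitdefender's tooling, the review below runs over constructed audit entries modeled loosely on Cloud Audit Log fields; the project, principals, key name, IP addresses and the trusted network ranges are all invented for the sample.

```python
import ipaddress

# Constructed audit entries, modeled loosely on the fields GCP Cloud Audit Logs
# carry (caller IP, principal, service account key name, method). Sample data,
# not a real export; the project, accounts and IP values are invented.
SAMPLE_ENTRIES = [
    {"time": "2026-05-10T08:15:00Z",
     "principal": "deploy-sa@example-proj.iam.gserviceaccount.com",
     "key": "projects/-/serviceAccounts/deploy-sa@example-proj.iam.gserviceaccount.com/keys/11aa",
     "caller_ip": "10.20.30.40", "method": "storage.objects.list"},
    {"time": "2026-05-11T02:40:00Z",
     "principal": "deploy-sa@example-proj.iam.gserviceaccount.com",
     "key": "projects/-/serviceAccounts/deploy-sa@example-proj.iam.gserviceaccount.com/keys/11aa",
     "caller_ip": "203.0.113.77", "method": "google.iam.admin.v1.CreateServiceAccountKey"},
    {"time": "2026-05-11T09:00:00Z",
     "principal": "alice@corp.example", "key": None,
     "caller_ip": "203.0.113.5", "method": "compute.instances.list"},
]

# Assumed allowlist: the customer's office egress range and a CI runner range.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16"),
                ipaddress.ip_network("198.51.100.0/24")]

def is_trusted(ip):
    """True when the caller address falls inside an allowlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def review(entries):
    """Flag two governance-gap signals: a user-managed service account key used
    from outside the trusted networks (the 'credential reused from anywhere'
    case) and any creation of a new key, which is a fresh persistence artifact."""
    findings = []
    for e in entries:
        if e["key"] and not is_trusted(e["caller_ip"]):
            findings.append(("key_auth_outside_trusted_net", e["principal"], e["caller_ip"]))
        if e["method"].endswith("CreateServiceAccountKey"):
            findings.append(("new_service_account_key", e["principal"], e["caller_ip"]))
    return findings

FINDINGS = review(SAMPLE_ENTRIES)  # -> two findings, both for deploy-sa from 203.0.113.77
```

Neither finding depends on any host telemetry, which is the point of the section: the signal lives in the cloud control plane, so a review that only watches endpoints never sees it.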

Where Red Teams Hand Off to Prevention

Some paths advanced attackers use are off-limits to red teams. An indirect compromise through a trusted supply chain is a clear example. It requires third-party authorization, timelines longer than most engagements allow, and political capital that few organizations are willing to spend on an offensive test. We do not realistically simulate this path, not because it is unimportant, but because the scoping constraints make it impractical.

This is a scoping reality, not a red team failure. It is the boundary where red teams hand off to a prevention-first defensive posture. The paths we cannot push into are exactly the paths prevention can close.

Defensive AI is better at detecting direct compromise than third-party-led intrusion because the telemetry profile for direct work is denser and more anomalous. An attacker who compromises a trusted supplier and operates through that supplier’s legitimate access generates telemetry that appears to be the supplier doing their job. No behavioral baseline detects it because the behavior is the baseline.

Prevention closes that gap by shrinking the attack surface, lowering the odds an intrusion will even start. It limits trusted third-party access to what a specific job function requires, enforces least privilege on federated identities, and monitors supply chain risk as a distinct category rather than assuming third-party access is safe by default. Red teaming validates whether your defenses catch what they are designed to catch. Prevention validates whether the things they are not designed to catch are things an attacker can reach in the first place.

Modern Red Teaming: Expanded and Increasingly Critical

Modern red teaming is critical because it has evolved with the threat landscape. If your last engagement focused on endpoint paths and came back clean, run a current one. Test identity compromise, test slow-and-quiet fragmentation, test cloud governance abuse. Pair it with prevention-first thinking, because the paths red teams cannot push into are exactly the paths prevention has to close. Modern attackers operate at this seam.

This post is the offensive view of that seam: what attackers are doing now and where red teams can and cannot follow them. The traditional playbook still gets used, and defenders still have to catch it. But advanced attackers have added a second layer on top, and we must test against that layer, too.

For more on this topic, and on prevention, watch my on-demand panel discussion, The Lab, the SOC, the Red Team: Why Prevention Still Wins. The conversation brought research, response, and offense to the same table.

You can also learn more about Bitdefender offensive services and speak with an advisor if you need assistance.