# Pentesting vs Red Teaming

> Why Decepticon is a Red Team Agent, not a vulnerability scanner — and how Autonomous Red Teaming extends the discipline.

To fully grasp Decepticon's identity as an **Autonomous Hacking Agent**, it is essential to understand the fundamental differences between Vulnerability Assessment, Penetration Testing, and Red Team Engagement. Decepticon explicitly targets the methodology of the last — and adds a fourth, machine-speed mode on top.

## The Three Disciplines

The security testing landscape forms an inverted pyramid: vulnerability assessments at the wide base (broad, shallow), penetration tests in the middle (targeted, deeper), and red team engagements at the apex (scenario-driven, full-organization).

<CardGroup cols={3}>
  <Card title="Vulnerability Assessment" icon="clipboard-list">
    Identify technical flaws across a wide attack surface. Output: a list.
  </Card>

  <Card title="Penetration Test" icon="bug">
    Exploit those flaws to prove attack paths within a targeted scope.
  </Card>

  <Card title="Red Team Engagement" icon="scan-eye">
    Train and measure the defenders by emulating a real adversary end-to-end.
  </Card>
</CardGroup>

## Side-by-Side Comparison

The following framing is adapted from the canonical comparison published by [redteam.guide](https://redteam.guide/docs/Concepts/red-vs-pen-vs-vuln/) — extended with a fourth column for the autonomous-agent mode Decepticon enables.

| Aspect               | Vulnerability Assessment | Penetration Test                    | Red Team Engagement                       | Autonomous Red Team (Decepticon)                            |
| -------------------- | ------------------------ | ----------------------------------- | ----------------------------------------- | ----------------------------------------------------------- |
| **Goal**             | Identify technical flaws | Exploit flaws to prove attack paths | Train and measure blue team effectiveness | Continuously rehearse the blue team against an AI adversary |
| **Scope**            | Wide, shallow            | Targeted systems                    | Full organization                         | Full organization, programmatically expandable              |
| **Focus**            | Technology               | Technology                          | People, processes, and technology         | People, processes, technology — driven by an OPPLAN         |
| **Duration**         | Days                     | 1–2 weeks                           | 2–6 weeks                                 | Hours to continuous (machine-speed loops)                   |
| **Threat Model**     | CVE-based                | Attack surface                      | Adversary emulation                       | Adversary emulation, dynamic per engagement                 |
| **Risk Measurement** | Attack-surface reduction | Technical exploit impact            | Security operations assessment            | Operations assessment + regression coverage over time       |
| **Output**           | Vulnerability list       | Exploit evidence and attack paths   | Security operations assessment            | OPPLAN-tagged findings, attack graph, remediation patches   |

<Info>
  The fourth column is not a replacement for human red teams — it is the same discipline, scaled. Humans set the Rules of Engagement, define objectives, and adjudicate findings; Decepticon executes the kill chain inside that envelope.
</Info>

## The Limitation of Traditional Pentesting

Traditional penetration testing focuses on evaluating security in silos — web, mobile, or external networks individually.

* **Siloed Evaluation**: Pentesting might find SQL injection in a single web app, but it doesn't test if defenders can detect an attacker using that web app as a proxy to pivot into the internal network.
* **The Soccer Analogy**: Pentesting is like practicing shooting, passing, and dribbling individually. These are essential skills, but practicing them in isolation for four years won't prepare a team for the World Cup if they never play an 11-vs-11 match.
* **The Real Limitation**: Pentests fail to test how the organization's overall security controls, blue team, and processes work together organically during a real, multi-stage attack.

## Red Team Testing: The "Real Match"

Red Teaming is the actual 11-vs-11 practice match — a comprehensive adversarial simulation designed to test an organization's holistic defense capabilities over an extended period (typically 4–8 weeks).

### Core Attributes of Red Teaming

1. **Holistic & Multi-Domain** — Real attackers don't attack just the web app and stop. They chain cloud, mobile, internal networks, and even physical or social engineering vectors. Red Teaming mirrors this.
2. **Stealth & Persistence** — The primary goal is to remain undetected by the blue team. Red teamers operate quietly, evading SIEMs and EDRs, and maintain access (persistence) over long periods.
3. **Realistic Objectives** — Instead of listing CVEs, the goal is practical: *Can we access the SWIFT infrastructure? Can we exfiltrate dummy customer data without the blue team noticing?*
4. **Threat Gets a Vote** — Engagements are grounded in what real threats actually do, not just what defenders plan for. The threat profile drives the TTPs.
5. **Assumed Breach** — If initial access (e.g., phishing) is blocked, red teamers shift to an "assumed breach" scenario: a beacon is planted internally to evaluate post-breach response, lateral-movement detection, and internal recon.

## The Engagement Lifecycle: Get In, Stay In, Act

A red team engagement follows three phases — a model used widely across the industry and codified in the redteam.guide methodology:

<Steps>
  <Step title="Get In">
    Initial access via the threat profile's preferred vectors — phishing, exposed services, supply chain, social engineering. The objective is footprint, not noise.
  </Step>

  <Step title="Stay In">
    Establish persistence and command-and-control. Tier C2 channels (interactive / short-haul / long-haul). Maintain OPSEC. Survive defender response.
  </Step>

  <Step title="Act">
    Execute the engagement objectives — privilege escalation, lateral movement, credential access, data discovery, exfiltration, operational impact — while remaining on-mission and within the Rules of Engagement.
  </Step>
</Steps>

## Why Decepticon Is an Autonomous Hacking Agent

Decepticon automates the **Red Teaming** mindset, not the pentest checklist. It does not blast a network with automated scanners — that would alert the blue team instantly.

Instead, it reads the context of the environment. It maintains stealth, performs internal reconnaissance, executes lateral movement, and simulates assumed-breach scenarios autonomously. The kill chain is driven by an **OPPLAN** — a structured operations plan the agent generates from the operator's Rules of Engagement (RoE) and Concept of Operations (ConOps) before a single packet hits the wire.

By taking on the role of a relentless, AI-driven red team, Decepticon provides infinite offensive feedback. It is the [Offensive Vaccine](/en/introduction/overview#the-motivation-an-offensive-vaccine) — training defense systems against the organic, stealthy realities of modern cyber threats rather than handing them a checklist of outdated software.

<CardGroup cols={2}>
  <Card title="Engagement Lifecycle" icon="route" href="/en/concepts/red-team-lifecycle">
    Get In, Stay In, Act — the three-phase lifecycle, mapped to Decepticon's agents.
  </Card>

  <Card title="MITRE ATT&CK Integration" icon="crosshairs" href="/en/concepts/mitre-attack">
    Tactics, Techniques, and Procedures — the shared vocabulary between threats and Decepticon.
  </Card>

  <Card title="Threat Emulation" icon="user-secret" href="/en/concepts/threat-emulation">
    How Decepticon turns a threat profile into an executable engagement.
  </Card>

  <Card title="Roles & Cells" icon="users" href="/en/concepts/roles-and-cells">
    Red Cell, Blue Cell, White Cell, Trusted Agent — and where Decepticon fits.
  </Card>
</CardGroup>
