Behind the Scenes of a Real-World Red Team Challenge

When the SBS CyberSecurity network security team arrived at the 2025 company retreat in Sioux Falls, South Dakota, they expected another round of departmental updates and strategy sessions. Instead, they were thrown into a red team competition designed to test their real-world cybersecurity skills in an unpredictable environment.

Justin Curtner, SBS’s network security manager, outlined the objective of red team assessments: “With pen testing, there’s a misconception that it’s the same as red teaming. It’s not. Pen testing follows a strategic, repeatable process, but red teaming forces you to think creatively and adapt in real time.”

This wasn’t a controlled penetration test — it was a full-scale cybersecurity engagement, complete with technical exploits, social engineering, and unexpected team dynamics.

Team Rivals, consisting of Jovana Bogdanovic, Dylan Smith, Cesar Valdes, David Grello, and Ethan Tesch.

More Than Just Technical Skills

The idea for the competition started six months ago, when Curtner and Mitch Myers, network security engineer team lead, began brainstorming ways to make the annual retreat more interactive. After months of planning, they revealed the two-day challenge to the team on the first afternoon of the retreat — without giving them any advance notice.

“We didn’t tell anybody because we didn’t want them to come armed with any devices or anything that we weren’t planning for,” Curtner said.

Curtner and Myers divided participants into two teams — Rivals and Destruction — and gave them a set of red team objectives with minimal initial guidance, including:

• Identifying and accessing hidden access points (APs) in the hotel
• Extracting sensitive data from network devices
• Finding the name of an executive’s great-grandchild through open-source intelligence
• Socially engineering designated employees into singing at the retreat’s karaoke night

To make the challenge even more realistic, Curtner and Myers acted as the clients, offering only limited direction to replicate the unpredictability of real-world engagements. The team leaders designed the competition to force teams to think on their feet, adapt quickly, and exploit any opportunity available within the given rules.

Creativity, Confusion, and Sabotage

Both teams faced challenges from the start — some self-inflicted. The first objective was to locate APs around the hotel, but a misunderstanding sent them on a wild goose chase.

“One of the things we told them in the beginning was, if you can physically bring us one of these access points, then you’ve won,” Curtner said. “All they heard in the conversation was to bring us the access point, so they wasted two hours trying to figure out where they were physically.”

Once they realized their mistake, both teams pivoted, leveraging wireless reconnaissance tools to pinpoint AP locations. But an even bigger challenge was brewing — teams began actively sabotaging each other.

“The funniest part is the one thing we did not talk about was the teams sabotaging each other … which is the first thing that happened within 20 minutes of the whole thing starting,” Curtner said.

Competitors revoked each other’s system permissions, locked team members out of devices, and even planted fake intelligence to mislead their opponents. The spirit of the challenge quickly evolved beyond offensive security skills — it became a test of adaptability and counterintelligence.

With the initial hurdles behind them, each team took a distinct approach to completing their objectives.

Team Rivals

Team Rivals, consisting of Ethan Tesch, David Grello, Dylan Smith, Jovana Bogdanovic, and Cesar Valdes, quickly established a command center and deployed tools like a Wi-Fi Pineapple, Flipper Zero, and heat maps to analyze the network. However, their greatest successes came from social engineering tactics.

At karaoke night, they successfully convinced multiple targets to duet with them, completing one of the most challenging objectives.

Their persistence extended beyond karaoke. One team member discovered an executive’s great-grandchild’s name through a Facebook repost and guided the target into saying it aloud during a recorded conversation.

But Team Rivals wasn’t just playing offense — they actively misled Team Destruction by creating fake karaoke target lists and distributing them as decoys. This tactic delayed their opponents and forced them to take a random approach to their social engineering efforts.

Team Destruction

Team Destruction, consisting of members Will Keller, Will Freeman, Tony Tyndall, and Hunter Cockrell, took a more methodical approach. They leveraged wireless network monitoring and password-cracking tools to infiltrate the external perimeter. They struggled with physical access to APs but excelled in network exploitation.

One of their standout moments was a 30-minute turnaround from receiving their intelligence-gathering objective to successfully identifying an executive’s great-grandchild’s name. By casting a wide net, they were also successful in duetting with a target at karaoke despite not gaining access to the correct target list.

However, Team Rivals’ sabotage efforts took their toll. Destruction spent valuable time chasing down the incorrect target lists, which limited their ability to execute key objectives efficiently.

Final Presentations and Results

On the final day, both teams presented their findings to a judging panel of SBS leadership. Team Rivals delivered a photo-heavy PowerPoint presentation, showcasing their social engineering successes and emphasizing adaptability. Team Destruction opted for a client-style red team report detailing attack narratives, password security flaws, and the importance of least privilege in network defenses.

In the end, Team Rivals emerged victorious, earning each member the following prizes:

• The ability to swap one upcoming service task with someone from the losing team
• A custom red team competition champion virtual background for client calls designed to spark cybersecurity conversations

Lessons Learned

The challenge reinforced key cybersecurity takeaways:

• Social engineering is as powerful as technical exploits. Even security professionals fell for well-crafted pretexts, so regular security awareness training is vital.
• Adaptability is a necessary complement to rigid technical knowledge. Some participants downloaded new tools on the fly, learning to use them under pressure.
• Security teams don’t always think like attackers. Some competitors overcomplicated their approach until Myers reminded them of the KISS method: “Keep it simple, stupid.”

Looking ahead, the team is already planning more network security challenges.

“We might take a different approach next year because now they’ll be expecting it,” Curtner said. “They’ll come armed to the teeth with every device they’ve ever seen, bought, or heard of.”

This wasn’t just another corporate retreat. It was a proving ground for real-world cybersecurity skills. Stay tuned for future reports on the unique training opportunities the SBS team leverages.

How Can SBS Help?

Turn Lessons into Actionable Security

Read More

Cybersecurity Awareness Training

Ongoing security awareness training throughout the year proves to be more effective in reducing cyber risk for your organization.

Read More

Read More

Red Team Services

This service will identify and exploit vulnerabilities, assess the effectiveness of security controls, and provide recommendations for improvement.

Read More