Red team exercises use various techniques including phishing and social engineering aimed directly at your employees or their usernames and passwords, in addition to watering hole attacks and drive-by downloads that target specific users and their PC using an internet browser or installing malware on a site. The goal is to test the organization’s detection and response capabilities.