Concepts for the Red Team Mindset: Pattern Red Teaming

Pattern Red Teaming, also coined and described by Mark Mateski of the Red Team Journal, includes Point Red Teaming but embeds it within the broader system. Pattern Red Teaming is strategic and lifecycle-oriented. It emphasizes enterprise-wide requirements; dynamics; and long-term, sustainable strategies. In short, Pattern Red Teaming is all about looking at the system for broader patterns and tradeoffs.

Concepts for the Red Team Mindset: Point Red Teaming

Point Red Teaming, originally coined and described by Mark Mateski of the Red Team Journal, is tactical, short-term, and focused on immediate needs assessment. It helps enterprises find and plug existing holes. It's roughly equivalent to pen-testing but can include other techniques as well. Point Red Teaming efforts tend to be one-off, and even when coordinated at a project level, they still maintain the point focus. Because they're one-off, it's hard to connect the dots, find the patterns, and project those patterns into the future. What's more, running lots of point red teams doesn't mean you see the big picture; in fact, it may obscure the big picture while leading you to believe you've mastered it.

National Security in Three Diagrams and Six Takeaways | Red Team Journal

If you read only one article about Red Teaming a year, it should be this one.

Our friends at the Red Team Journal have a fantastic post. I will not write a quote about it. No. I will just list their six points.

Just go there and read it.

  • Money isn’t the answer, but it’s now part of the problem.
  • Point strategies yield a false sense of security but often cost more and yield less than pattern strategies.
  • Adversaries with fewer resources but more perceptive pattern strategies continue to give us a run for our money.
  • Point red teaming leads to point strategies.
  • Pattern red teaming encourages pattern strategies.
  • To beat these sorts of adversaries, we need better pattern strategies.

Book Recommendation

The Unfettered Mind: Writings from a Zen Master to a Master Swordsman. By Takuan Soho.

This is a Zen book, a work of philosophy. While it is not a Red Teaming or technical book per se, if you are looking to really understand the mindset, human nature, and how to better yourself, this book has a lot of value.
I'm a long-time Aikido practitioner, and Zen elements are present in every aspect of that martial art. One of my early Sensei required that we read this book before taking our Shodan (black belt exam) and that we write a short piece about our minds.

Many years later, I found the book again and read it, now after having served in the military and already working as a Red Teamer. I understood the contents differently and began applying those concepts during the analysis phase of the project. The results were surprising.

We must know that it is not enough just to see what the Mind is, we must put into practice all that makes it up in our daily life. We may talk about it glibly, we may write books to explain it, but that is far from being enough. However much we may talk about water and describe it quite intelligently, that does not make it real water. So with fire. Mere talking of it will not make the mouth burn. To know what they are means to experience them in actual concreteness. A book on cooking will not cure our hunger. To feel satisfied we must have actual food. So long as we do not go beyond mere talking, we are not true knowers.

It is a small book, but highly recommended.

Here's Takuan Soho on Red Teaming:

When you look at a tree, see it for its leaves, its branches, its trunk and the roots; then and only then will you see the tree.


Red Teaming and Energy Grid Security Slides

Some interesting points in this presentation.

The informative and entertaining discussion is presented by a 26-year military and law enforcement veteran and former federal counterterrorism operative (now working as a state law enforcement agent responsible for critical energy infrastructure protection), and details the emergence of Red Cell activities and Red Teaming as a valuable form of alternative assessment for use in securing the American energy grid. A widely accepted and established practice in military and intelligence circles, Red Teaming is slowly moving into law enforcement and the private sector, and is now being used as a key vulnerability and threat assessment tool by state law enforcement agencies, Fortune 500 companies, and national laboratories.


Point and Pattern Red Teaming | Red Team Journal

I remain convinced that the best red teamers are those who know many different things. Yes, domain knowledge and skills are essential, but the best red teamers I’ve met—almost without exception—are those who actively hunt down concepts from other domains and then apply them to their red teaming activities. I’ve even encountered a couple of organizations that do this well, although I increasingly worry that they are the exception, not the rule.

Another great article at the Red Team Journal


Red Teaming Yourself

A reader recently asked me if I could help him Red Team himself: check his digital footprint and find out whether he was safe out there.

My answer was a list of things he could check himself; if any of these points raised concerns, we could take it one step further.

Here's the list, I think it will help you threat-assess yourself:

Digital Life

  • Use passphrases instead of passwords
  • Use different passphrases for different accounts
  • Don’t reply to spam emails or click on links/pictures without verifying them, even when they come from friends
  • Don’t respond to emails from companies requesting more information about you; call them instead, and only on a number you already know to be the real one
  • Don’t open PDF, office documents, GIF or JPEG files directly on the email client or browser.
  • Don’t run Windows. If you do, at least harden it for security
  • On Windows, run at least a good personal firewall (paid, not free) and a good anti-malware product (paid, not free); they don’t really work against a capable attacker, but they do catch the script kiddies
  • Don’t use pirated software; most of it has backdoors
  • Password-protect your mobile devices (phone, tablets, etc.)
  • Don’t root your mobile devices, and download apps only from trusted sources
  • Install the latest updates on both the computers and mobile devices
  • Don’t download apps for your computer from “download” sites, but from their author’s site or the app store
  • Don’t use filesharing services (torrent, etc)
  • Clear the browser cache, cookies, history, etc. at least once a day
  • Use an ad-block plugin for your browser. Ads are worthless and can contain redirects to malware sites
  • Don't use any other browser plugins, unless you wrote them yourself
  • Don’t use Internet Explorer
  • Don’t install Flash, Silverlight or Java
  • Don’t connect to public, unprotected wifi networks. If you must, at least do not log in to any personal site (bank, email, etc.)
  • Harden your computer for security
  • Type the URL yourself instead of just clicking on the link
  • Lock the computer when you walk away
  • Don’t use public computers
  • Buy online ONLY from trusted sources
  • Do NOT let browsers store passwords for you
  • Read the error messages, don't just click OK
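Several of the items above (verify links before clicking, type the URL yourself, don't answer a company's email) come down to one habit: check that where a link says it goes is where it actually goes. The following script is an added example, not part of the original post, that automates that check over an HTML email body. It parses every anchor, compares the host shown in the visible text with the host in the href (using a naive "last two labels" notion of registrable domain, which is an assumption that breaks for suffixes like co.uk), and also flags links to bare IP addresses. The message body is constructed for the example and is not a real phishing mail.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message body (not a real phishing mail): one link whose
# visible text names a host the href does not lead to, one honest link, and
# one link to a bare IP address.
SAMPLE_HTML = """
<p>Dear customer, please visit
<a href="http://login.example.com.account-verify.net/">http://login.example.com</a>
to confirm your details.</p>
<p>Our help pages are at <a href="https://www.example.com/help">www.example.com/help</a>.</p>
<p><a href="http://203.0.113.5/update">Click here</a> to install the update.</p>
"""

# Something that looks like a hostname inside free text (optional scheme in front).
HOST_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)
BARE_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in a document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Collapse whitespace in the anchor text before storing it.
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def base_domain(host):
    """Naive registrable domain: the last two labels. Assumption: fine for .com/.net,
    wrong for two-part public suffixes such as co.uk."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def host_in_text(text):
    """Return the first hostname-looking token in the visible link text, or None."""
    m = HOST_IN_TEXT.search(text)
    return m.group(1).lower() if m else None


def suspicious_links(html):
    """Return findings for links the reader should type by hand rather than click."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = urlparse(href).hostname
        if not href_host:  # mailto:, javascript:, relative links: nothing to compare
            continue
        if BARE_IPV4.match(href_host):
            findings.append({"text": text, "href": href,
                             "reason": "link target is a bare IP address"})
            continue
        shown = host_in_text(text)
        if shown and base_domain(shown) != base_domain(href_host):
            findings.append({"text": text, "href": href,
                             "reason": f"text shows {shown} but link goes to {href_host}"})
    return findings


if __name__ == "__main__":
    for f in suspicious_links(SAMPLE_HTML):
        print(f"{f['reason']}: {f['text']!r} -> {f['href']}")
```

Run it against a saved `.eml` body and anything it reports is a link to retype by hand, or a company to phone on a number you already have. A mismatch is not proof of phishing (tracking redirectors produce the same pattern), which is exactly why the checklist says to verify rather than to trust the link.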

Personal information

  • Don’t reveal your SSN or other personally identifying information (address, mother’s maiden name, girlfriend’s name, identifying marks, tattoos, etc.)
  • Don’t share your life on social media; in fact, stay away from social media unless it’s needed for work, and then post very little
  • Keep sensitive information such as bank accounts, SSN, medical records, etc. off your mobile devices and computer (at least the computer you travel with)
  • Get training on social engineering so you know how to spot someone trying it on you
  • Stay away from Facebook if possible
  • Shred anything that has your name on it
  • Digitally shred sensitive files
  • Wipe your hard drive before you get rid of it

Start Here

We've seen a lot of new readers in the past few days, and a lot of the questions coming our way are good but can easily be answered by reading previous posts. I thought the new readers would benefit and learn more about the blog and the Team if we listed some of the old posts.
So, here's a list of what I think is a good way to start understanding the blog and Red Teaming. It's a good thing for new readers, and for the old timers here, well, it's a good refresher to read this again.

And some of the old projects and operations we performed in the past few years.

And some about Gear too


The Three C’s of OPSEC

Via Grugq.

I would add:

  • Be paranoid, never trust anyone, always verify
  • Never reveal your plans
  • Never work from your own office/safe place
  • Don't reveal personal or atmospheric details
  • Never leave anything behind that might be traced to you