Always Contextualize Your Red Team Engagements | Red Team Journal

Despite the fact that we’ve now posted 50 red teaming “laws,” we hope that our readers understand that the superior red teamer should contextualize every red team engagement (within the obvious constraints of budget and schedule). Yes, it’s tempting to commoditize your approach and get in and out as efficiently as possible, but by overdoing it you risk delivering a misleading assessment to your client.

This is another great article posted by our friends at the Red Team Journal.

One of the questions that a reader sent us, aligns great with this post.
In that post, back in 2014, we answered:


This phase is, in my opinion, one of the most important phases. If you do it right it will most likely end in the success of the project. If done right, a good team can move to Phase 5 directly and finish the project. During this phase the team observes the target and learns about it. Physical surveillance and digital scanning are performed. The target's digital and/or physical footprints are mapped and analysed. At the end of this phase there is a clear view of the possible vectors of attack. These vectors can be exploited on the spot.

The Red Team Mindset Course and Digital Recon at the 2015 ITS Tactical Muster

I'm excited to anounce that this year, the ITS Tactical Muster will have the Red Teeam Mindset course and, together with Matt from SerePick a course on recon.

If you are a member of ITS Tactical, maybe we'll see you there. If not, then you should definately join!


Book Review: Team of Teams

When I first thought Team of Teams by General Stanley McChrystal, I thought this was another one of those book where a high ranking officer recounts some of the stuff he did when he was in charge of certain missions in Iraq or Afghanistan. But given that he commanded the Joint Special Operations Command (JSOC), and he is regarded and one of the people that made JSOC one of the most formidable, fluid and adaptable special operation organizations, I figured I'd give it a try.

What a great book.

This book is not about war. This book is about how to apply small team tactics and its mindset to large organizations, with ever changing landscapes and the human factor. This book helps cope with chaos and shows a different approach to adaptability.

Highly recommended.


Quote of the day

"Today’s systems must anticipate future attacks. Any comprehensive system – whether for authenticated communications, secure data storage, or electronic commerce – is likely to remain in use for five years or more. It must be able to withstand the future: smarter attackers, more computational power, and greater incentives to subvert a widespread system. There won’t be time to upgrade it in the field.

History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did."

--Bruce Schneier

First Unofficial Quarterly Red Teaming Day

In conjunction with the Red Team Journal, we are pleased to announce the First Unofficial Quarterly Red Teaming Day: 1 July 2015. To celebrate, print, cut out, and consider the list of red teaming questions below. Every quarter, we’ll post a new set of questions for you to think about. Given the tremendous need for more and better red teaming, we hope this is one small way to encourage potential red teamers across all domains to pause for a few moments and red team an immediate problem or issue.

For those who might not be able to access the graphic, here are the questions:

  1. What does my adversary or competitor want most?
  2. What could my adversary or competitor learn or acquire that would allow them to achieve this goal quickly and easily?
  3. What if my adversary of or competitor already knows or possesses this?