The Original 12 Explained

Red Teams
Rules

Most of you are familiar with the Rules. Like you know I had originally 12 rules. It all started with a joke: when in doubt, red team it.

Several readers asked me about the idea behind them and how I chose those specific rules, so here it is: the original 12 explained.

Rule 1: Always have an escape plan

You know all your plans will fail. There is no doubt about it. So, always have a way out. This applies also to projects, operations, and everything you do. Always know where the exits are, always know what to do in an emergency and be prepared for that. This is so important that it's the 1st rule.

It currently goes something like:

  • Always have a plan.
  • Always have a back-up plan, because the first one probably won’t work.
  • Always have an escape plan because all the rest of the plans will fail.

Right there with PACE: Primary, Alternate, Contingency and Emergency.

Rule 2: Be aware of your surroundings.

OK, you have an escape plan. Knowing where you are, what's happening around you, noticing the things out of place or the people noticing you is what's coming next. Being aware of your surroundings will give you that extra fraction of a second where you can react and save your and your buddy's life.

On the red team side, being aware of what's around you, both physically and digitally, might give you that extra edge. It will help you find that way in, the faulty policy, the question that no one asked.

Yes, so right after having an escape plan you need to be aware of your surroundings.

Rule 3: Assumption is the mother of all fuckups.

Assumming that something will happen or is a certain way is asking for trouble. Never assume, always verify, ask, research, investigate, collect intel and inform yourself and your team.

This rule is one of those truths that have to be remembered time and time again. We forget about this when we are very involved with something and think we know all the answers.

Don't do it.

Rule 4: Always have a backup plan.

Right there with Rule 1. You know your plan will go to hell once you are on the field. Always have a plan B and if possible a plan C as well.

When we are planning a project we always designate a team member as the plan B guy. He or she will be in charge of saying that the plan is bad and won't work and a plan B will be drafted. Similar to the 10th Man Strategy, the plan B person will always work on contigencies.

When in doubt always remember PACE (see Rule 1).

Rule 5: Never get caught.

In the world of covert ops and fieldcraft this is a golden rule: you never get caught. Bad things happen if you do.

In the red team world if you get caught you failed. If they discovered your backdoor you are done. If they caught you trying to walk through the main entrance of your target, you failed.

Great care should be taken not to get caught.

Rule 6: Keep your mouth shut.

OPSEC. It is important not just for national security, but if you talk to much about your tactics, the way you do things, your tools and your people then you damage your team. The blue team will prepare for this and you are done.

I will leave this here.

Rule 7: KISS: Keep it simple, stupid.

I said it many times before: The simpler the gear, the better it is. Your life depend on this.

This also translates to planning and tactics. The current Rule 9 is: A simple plan with a flexible blueprint will survive real world contact far better than a complex and rule-bound plan.

Simple things are easy to change when you need to. Simple plans will adapt better to the ever-changing conditions in the field.

So, when you have a plan start simplifying until nothing can be taken away anymore. The same with gear.

If there’s a question about if it’s necessary, remove it. Less is more and more is lazy. -Jason McCarthy, GORUCK founder

Rule 8: Simple and light equals freedom, agility and mobility.

Right there with Rule 7. I believe in being nimble. Being small and light allows you to move faster, more fluently. Being light allows you to be more efficient.

Packing gear for example, the heavier you are the slower you'll be. Do you really need all that gear? Can you go lighter? Can you use some of the gear for multiple things? Can you do it without it? In most cases you can.

The same applies to the team. You don't need a big team to be successful. You need the right team for that. The right people can perform at a higher level and be tasked with different things. Having a small team means it can adapt faster, that momentum can be stopped; if a 180 degree plan B needs to be executed then the team will not be crashed.

I recommend you read Getting Real by the people behind 37Signals.

Rule 9: Plan, execute and vanish.

Leave no trace. Plan your way in, execute it to the best of your abilities and leave, vanish.

If they don't know you where there, then they can't protect against you. If you are testing the target's blue team, the QRF or their security team this is key. You want to keep them guessing.

I'll leave this here, you know where this is going.

Rule 10: You don’t have to like it-you just have to do it.

Sometimes you have to do things that make no sense. Suck it up. Do it and be done with it. The faster you do it, the faster it'll be over.

Rule 11: Always invest in good quality stuff.

Having the right gear, the best gear, means you can trust it. This also means less headaches, less maintenance and less mental energy in having to research a new one.

Good quality stuff will perform when you need it.

Rule 12: Trust your gut.

Ah yes... The gut feeling. Sometimes you have the nagging feeling that something is not right, that you should be doing the exact opposite of what you and your team are doing. Listen to this. Your gut will let you know when a plan B is needed.

It also might save your life someday.

Thinking outside the box?

Dealing with ID badges