As the name implies, a Red Team is a team. In the world of information and computer security it is composed of a variety of experts in different areas. Each member can perform the others’ duties, but each one has a specialty and he or she is responsible for it.
In the company I used to work for a few years ago, we had a six-man team: four members doing the actual work (we called them Alphas), one managing (called Six) and the director of the company as the overall commander (called Six Actual). We rotated through the management of the team, so I would work as an Alpha on some projects or as a Six on others. This way we all learned to manage the team. The manager would usually set the initial plan (recon, digital or physical pentests, schedules, etc.) but the team would have the ultimate word about the plan once more information was gathered.
Our team had people that were experts in: exploits or tool coding, networking, crypto, social engineering and perimeter security. Again, we could all do everything, but some of the Alphas were really good at a specific activity. For example, I am a very good programmer and have experience coding low-level system code and exploits; however, I’m not very good with Python, Ruby or other fast and light languages and scripts. These are needed during a pentest to write attack tools, scan tools, exploits, etc. on the run. We had this guy, whom I’ll call Z, that was an expert in this. We would have a need for a tool that had to scan a webserver or find an FTP that we could use to upload files while in the field, and he would grab his laptop and have the script ready in a matter of minutes. Z was really good at this. Then we had another guy, called Y, that could pick a lock in under 5 seconds or bypass alarm systems with pliers and a voltage sensor. We also had X, a gorgeous female hacker that loved to bruteforce passwords and crack codes and protocols. She would usually be our go-to girl for figuring out ways to bypass login screens and prompts, or to analyze the stuff that was flowing back and forth on a port belonging to a service we didn’t know. Finally we had W; he was a network wiz. He could figure out the way a network was mapped, and how the routers, firewalls and other network appliances were set up and configured. My speciality was in social engineering and in finding and coding ways to extract the information once we were in, be it in the form of hidden channels on TCP packets or DNS requests, or by implementing backdoors or trojans that reported back to a server somewhere in the world. Since social engineering was my task, I would usually be in charge of setting the ways in for our team and having all the contingency plans for the exfil as well.
It was a good team. We worked well together and we had fun doing it.