Home    About   Rules    Books    Guide    FAQ    Ask
About: What are Red Teams? We're sort of like the special forces units of the security industry—highly skilled teams hired to break into the clients' own networks and premises. We find the security flaws so they can be patched before someone with more malicious plans gets in.
The goal of Red Team operations is to continuously challenge the plans, defensive measures and concepts of the organization. These exercises result in a better understanding of possible adversaries and help to improve counter measures against them and future threats.

AboutFAQ

I Want to Detect and Respond to Intruders But I Don't Know Where to Start!

Richard Bejtlich:

“I want to detect and respond to intruders but I don’t know where to start!” This is a common question. Maybe you have a new security role in an organization, or a new service or business in your current organization, or some other situation where you want to find and stop attackers. However, you have no idea where to begin. Do you have the data you need? If not, what should you add? What do intrusions look like in the data you collect?

[…]

Second, conduct a technical exercise where a third party simulates adversary actions. This is not exactly a pen test but it is the sort of work a red team conducts. Ask the red team to carry out the attacks you previously imagined to determine if you can detect and respond to their activity. This should be a controlled action, not an “anything goes” event. You will see whether the evidence and processes you identified in the first step help you detect and respond to the red team activity.

page 1 of 1