Red Teams

About the Blog

This website focuses on raising awareness of what Red Teaming and the adversarial mindset are. It presents examples, concepts, ideas and tips. All information is based on experience, past projects, and lessons learned by doing. Nothing is theory; we write about what works for us.

You will NOT find here full techniques, exploits, "hacking" tips, and other things that might aid an attacker.

What is a Red Team

A real Red Team is a group of highly skilled professionals that mimic and simulate a real adversary. This team will research, investigate, learn and become the adversaries they are trying to portray. They will also research the organization or thing they are trying to red team, understanding its culture, the industry or area it is located in, and what makes it run.
By consciously working to assume the adversary's role, a "thinking enemy", a Red Team can provide a realistic view of how a new idea, plan or approach can perform in the real world, helping leaders to understand and address the risks in every aspect of the business, and providing unorthodox views on problems and their solutions.

How is this different from a Pentest?

Adversaries use a broad spectrum of tools and tactics to compromise security, and to exploit weaknesses at many levels. A good Red Team does the same. Red Teams test the entire security posture of the organization: physical, digital and social, using any and all techniques. A mature organization, or one that has built-in resiliency, would address security as the systematic integration for the protection of all assets: people, products, culture, strategy, information, and property. Fail to account for any of them, and the security program might not survive a real world attack.
When used effectively, a Red Team doesn't just help security organizations find vulnerabilities in their environments, it also helps organizations prove the need for changes in plans and strategies. Red Teaming mimics the tactics, techniques and procedures of real attackers, where the organization or company as a whole is studied and analyzed, and not just the area that was scoped to be tested, as in a normal pentesting engagement.

One of the biggest benefits of understanding how the adversary plans is that it helps you not only to be prepared, but also to look inward and see whether the chosen solutions and controls would work. Attacks don’t simply come out of nowhere, because attackers don’t simply attack. Adversarial actions are the result of planning. Understand this planning, this mindset, and you'll be able to understand yourself better as well.

A Red Team provides alternative and adversarial analysis of plans, operational orders and tactical decisions as well. Like an adversary, the Team identifies patterns that lead to vulnerabilities in the strategy, and often exposes alternative ways to examine the breaking point of policies and plans.
 

The Mindset

Adversaries don’t play by any rules. Attackers adapt and learn from their failures. A good Red Team then has to adapt and play by the same rules as the adversary, in other words: no rules. Red Teams can solve problems through an indirect and creative approach, using reasoning that is not immediately obvious, and involving ideas that may not be obtainable by using only traditional step-by-step logic.

Red Team members think outside the box. They look at a problem from multiple perspectives at the same time, often probing the different sides of a problem - or solution - that were never considered. Red Teams recognize contingencies and bring them to the forefront of analysis by asking the right questions and challenging underlying assumptions.