Red Teams

About the Blog

The blog, redteams.net, brings awareness to what Red Teaming is, presenting examples, concepts, ideas and tips, and focusing on the Red Team Mindset. All of this is based on experience, past projects, and lessons learned by doing. Nothing is theory; we write what works for us.

You will NOT find here full techniques, exploits, "hacking" tips, and other things that might aid an attacker.

What is a Red Team

A Red Team is a group of highly skilled professionals that continuously challenges the plans, defensive measures and security concepts of an organization by emulating an adversary. In other words: a group of trained people that act as attackers.
By consciously working to assume the adversary's role, a "thinking enemy", a Red Team can provide a realistic view of how a new idea, plan or approach can perform in the real world, helping leaders to understand and address the risks in every aspect of the business by providing unorthodox views on problems and their solutions.

How is this different from a Pentest?

Adversaries use a broad spectrum of tools and tactics to compromise security. A Red Team tries to do the same. Red Teams test the entire security posture of the organization: physical, digital and social. When used effectively, a Red Team doesn't just help security organizations find vulnerabilities in their environments, it can also help organizations prove the need for changes in plans and strategies. Red Teaming mimics the tactics, techniques and procedures of real attackers, where the organization or company as a whole is studied and analyzed, and not just the area that was scoped to be tested, as in a normal pentesting engagement.

One of the biggest benefits of understanding how the adversary plans is that it helps not only to be prepared, but also to look inward and see whether the chosen solutions and controls would work. Attacks don’t simply come out of nowhere because attackers don’t simply spring out of thin air. Adversarial actions are predicated on decisions made during planning. Understand this planning, this mindset, and you'll be able to understand yourself better as well.

A good Team can assist in sharpening the skills of the quick reaction team in charge of the defense against real-world attacks. The simulations carried out by Red Teams can provide IT personnel, network security teams, physical security organizations and government teams with a realistic view of what a possible attack might look like. This results in a better understanding of possible adversaries and helps to improve countermeasures against them.

A Red Team provides alternative and adversarial analysis of plans, operational orders and tactical decisions as well. Like an adversary, the Team identifies patterns that lead to vulnerabilities in the strategy and often exposes alternative ways to examine the breaking point of policies and plans.
 

The Mindset

Adversaries don’t play by any rules. Attackers adapt and learn from their failures. A good Red Team then has to adapt and play by the same rules as the adversary, in other words: no rules. Red Teams can solve problems through an indirect and creative approach, using reasoning that is not immediately obvious and involving ideas that may not be obtainable by using only traditional step-by-step logic.

Red Team members think outside the box. They look at a problem from multiple perspectives at the same time, often probing the different sides of a problem - or solution - that were never considered. Red Teams recognize contingencies and bring them to the forefront of analysis by asking the right questions and challenging underlying assumptions.

Note: Given all the qualities of a Red Team, and the fact that a Red Team is a great natural recon/surveillance tool, Red Teams can provide SOF units with much more than just adversarial services. They can provide in-the-field SIGINT, COMMINT and sometimes HUMINT capabilities.