Question from a reader
You've posted several times with people wanting to know where to go to learn about Red Teaming. What I haven't seen anyone ask is: How much time do you spend daily/weekly reading and learning about new technology, other Red Teams, OS's, networks/computer networking, and the like (even setting up test environments to try exploits and other items) versus working on a specific job/case? You post some outstanding material that comes from a variety of sources. Do you have a "regular" reading list of sites/blogs/etc? Any sources to avoid (or take with a large grain of salt)?
This is a great question or set of questions. Let me try to answer them.
First of all, I try to read and learn about new technologies, exploits, etc. every day. For about an hour I usually block calls, meetings, projects, etc. and I sit reading several sites. These sites include other red teaming blogs, information security news and blogs, hacker's forums and generic news. There is a good list on the Archive page, but I'll list those I read the most:
- Dark Reading
- Small Wars Journal
- Red Team Journal
- SANS Pentesting Blog
- Room 362
- M-Unition Mandiant's blog
- Threat Level (generic news)
- Schneier on Security
- Zero Day (generic news)
- Security Affairs (generic news)
- Blogs of War (generic news)
- Covert Contact (news aggregator)
- 72 Hours of Security news (news aggregator)
And different hacker's forums.
I do set a day or two at the beginning of a project to properly set the working environment and learn the new technology (if any) that we would be testing or writing/testing exploits in. It also helps to keep the systems up to date with the latest OS's, software, etc. Sometimes the upgrade causes a whole lot of problems and you have to figure out what's wrong. You discover interesting things that you can then use on projects. It's a good exercise.
And then there are books. The blog has a Bookshelf page now. Check it out. I try to read technical books when I need to and we have a large collection of them, mostly for reference material. These include programming language hacks, different OS's, networking, hardware, databases, security, communications, lock picking, social engineering, etc.
The team members are encouraged to read books where a mindset is clearly defined, like Blaber's The Mission, The Men and Me. These kinds of books provide a lot of knowledge that can be used to think outside the box. By the way, there is a mandatory list of books that each team member must read before he or she begins working for the team. I'll list those one day.
I hope I answered the question you had, Robert.