The team - The mindset

It’s 2 A.M. at a major industrial facility, and about 20 yards from the rear perimeter, two figures dressed in full camouflage gear are slinking along the tree line just outside the plant fence. They’re wearing backpacks and carrying various paraphernalia, pausing occasionally to peer through night vision monoculars to scan the plant perimeter.

Suddenly, a plant guard patrol vehicle rounds the corner of a building, its headlights shining in the direction of the pair. Both quickly drop, falling on their bellies in the mud and standing water from the previous night’s rain. The guard vehicle passes, and the pair remain undetected.

I've been in the situation described above many times. It's part of the job.

The quoted text that opened this post came from the article Anatomy of a Red Team Attack. Beyond being a fun read, it also presents the mindset of Red Team members.

To succeed in the world of penetration testing, security and red teaming, you need not only the required technical knowledge but also the mindset of an adversary. You have to think outside the box, and you have to be able to see the whole picture and find its most vulnerable points, even when they are not the most obvious. Yes, you also have to be a bit evil (in a good way).

Red Team members are usually very good at reading people, trends, and data and the connections between them. More often than not, open source intelligence collection is the only source of information you have, and it can be really complex and time-consuming to sort through all of it (even with software helping you). Red Team members also need to be able to control their emotions: fear, excitement and disappointment. It's nerve-racking to approach a person, look him in the eye and manipulate him in a way that will allow you to bypass a security checkpoint, or to talk your way out of an encounter with a potentially hostile, armed guard who suspects you shouldn't be there. It is also stressful when you spend days and days trying to find a weak point in a client's networks or applications and come up with nothing. It just makes you mad! You have to be able to control all that and stay focused.

Sometimes it takes a black hat hacker's mindset to be able to perform. Other times, it takes thinking the way a cat burglar would. The world of red teaming is very, very dynamic.

It is also important to stress the word team in Red Team. It is a team. One composed of people with different skills and mindsets, but with one goal in mind.

A Red Team test is basically an all-out attempt to gain access to the client’s systems, whether it be completely through the network from a remote location, or by gaining physical access at one of their sites that is networked together.

In today's complicated security world, where different vendors try to sell you the best automated security device, it is more important than ever to have penetration tests performed by highly experienced experts. It doesn't matter how good a product is, it cannot detect a single person working his way past the front desk and connecting a wireless router in a server room.

One thing that is important for companies to understand is that even if they have strong cyber controls, their physical security, or lack thereof, can also provide a huge attack vector into their process control networks.