The Red Team Mindset Begins With Your Attitude

The Red Team Mindset is one that provides unexpected solutions. When you act like an adversary you tend to think about ways to outsmart the security people. It is very important that your attitude is the right one.

Security plans and strategy sometimes are governed by what worked in the past and not by what might work in the future. Unless trained to think differently, a lot of the security professionals have a very well defined plan of action based on the past and on lists that other security professionals created. For example, perimeter security. They will add a fence, cameras on key areas, badge access and maybe a roaming patrol. This is all good, but are you also taking into account someone with access to a badge? Or someone social engineering the receptionist into adding him/her to a list of "expected" visitors? Is anyone looking at the cameras 24/7? Are you sure your cameras have been secured? Can an attacker tap into them? The questions continue on and on.

A lot of security measures are good only after the attack.

For a red teamer, sometimes things that seem impossible are the right way to go. So, if the only way to access the perimeter is that gate at the fence because everything else is being monitored by cameras and sensors, then I know the defenders' focus will be on that gate. I would not chose that gate as an entry point, I would go through the fence. How? That's another story. But The fence seems the logical way to go. Why? Because the defenders think it's sufficiently secure. There lies their vulnerability.

Your attitude is key. You really need to believe you are an adversary. One that really wants what the defenders are trying to keep safe. With that attitude and with experience, you can find ways around security measures, ways to disrupt the defenders, ways to trick them into following a ghost.

Ridiculous thinking is something you build with experience.

Have the right attitude.