According to DoD, a Red Team is: "An independent, focused threat-based effort by an interdisciplinary, simulated adversary to expose and exploit vulnerabilities to improve IS security posture."
I want to point out the word interdisciplinary.
A Red Team assessment is an authorized, adversary-based assessment for defensive purposes, performed by an interdisciplinary team of professionals. It may include:
- Collecting open source intelligence (OSINT)
- Performing reconnaissance or stakeout operations in both the physical and digital realms
- Footprinting systems, networks, and services
- Footprinting and profiling people, their behavior and online presence
- Footprinting the target service providers and external vendors
- Developing attack vectors
- Developing exploit payloads to gain entry and escalate privileges
- Mounting social engineering attacks
- Developing backdoors, manipulating audit logs, sniffing networks and generally exploiting configuration errors
At the end, the Red Team will provide an extensive report detailing the problem areas to be addressed, propose solutions to those issues, and work together with the defenders to train them and make them more resilient.
The key, though, remains in that word: interdisciplinary.
At the end of the day, a good Red Team is there to assume the role of an expert attacker to challenge assumptions, look for unexpected alternatives and find vulnerabilities in new ideas, policies, systems, people, and the intersection of all of that.
The more varied and interdisciplinary the team, the better it will achieve its objective.