The Red Team Manifesto | Reciprocal Strategies

Red Teams
Rules, red teaming

A great addition to the Red Teaming world by Mark Mateski at Reciprocal Strategies.

I’m a red teamer:

  • I ask questions even when the answer seems obvious.
  • I speak the truth as I understand it.
  • I protect my clients from their adversaries and from themselves.

Go read the entire post. It blends nicely with our own Rules of Red Teaming:

  • 1: The purpose of a Red Team is to become the adversary, to be the worst case scenario.
  • 2: People lacking imagination, skepticism, and a perverse sense of humor should not work as a Red Teamer.
  • 3: Red Teaming is mostly about paying attention.
  • 4: Understand the thing you are Red Teaming, If you don't, the results will be poor. Spend time learning.
  • 5: Don't play by the rules. Make your own and adapt.
  • 6: If you’re happy with your plan, you are not doing it right.
    1. The efficacy of security is determined more by what is done wrong than by what is done right.
  • 7a: Build on this. The bad guys typically attack deliberately and intelligently, not randomly. Mimic that.
  • 8: A Red Team is most vulnerable to detection and disruption just prior to an attack. Don't make mistakes.
  • 9: If you're not failing when you're training, you're not learning anything.
  • 10: There are an unlimited number of security vulnerabilities for a given system, program, or plans, most of which will never be discovered. Tap into that.
  • 11: When in doubt, Red Team it.
  • 12: We are never prepared for what we expect.
  • 12a: During a stressful moment, take a step back and look at the whole system. Analyze whether this is real stress or a deception by the defenders.
  • 12b: Act, don't react. Plan 2-3 steps ahead.
  • 13: The solution is in the problem. “When in doubt, develop the situation.”
  • 14: The more sophisticated the technology, the more vulnerable it is to primitive attacks. People often overlook the obvious.
  • 14a: Most organizations will ignore or seriously underestimate the threat from insiders. That's your in.
  • 15: Make it asymmetrical. Advantage-stacking is your friend..
  • 16: Remember PACE: Primary, Alternate, Contingency and Emergency. Always have a PACE for everything.
  • 17: Use ACTE: Assess the situation; Create a simple plan; Take action and Evaluate your progress.
  • 18: If there’s a question about if it’s necessary, remove it. KISS.
  • 18a: Stay small. Stay light.
  • 19: Don’t become predictable.
  • 20: Prioritize and execute.

Question from a Reader: Building a Red Team

Quote of the day