Things, Tips and Thoughts

This post is a combination of several questions asked by readers.

Your team just got a big project. Now what? If you follow the 5 Phases of a Red Team Assessment, you'd notice you are in phase 1. Part of this phase is the initial planning based on the information you have. At the end of this limited planning session, you most likely will have the following documentation ready:

  • Rules of engagement (mostly for you, but you might be required to submit this to your customer)
  • Initial plan (a rough outline of how you will go about perforning the assessment and the extra information needed)

Make sure at this point you also have 2 very important things:

  • A signed contract (you can't red team legally without it)
  • The "get out of jail free" letters (for every member of your team)

Next comes recon. The most important part of the assesment.

On top of the gear you are going to use on the field, and setting up the computers and things you might need to gain access (digital and physical), we found it useful to have specific codewords for specific things that happen. This aids in communicating important things very quickly. For example, if we gain access to the target, we may say "blue gold", or if we see the person we are targetting arrive at a location, we may say "it rains". These codewords convey a lot of information in a very short phrase and help eliminating confusion and ambiguity.
During the recon, you might assign codewords to other things, like assigning specifc codewords to different people, systems you find during the digital recon scan, etc.

Finally, after careful recon and planning, comes execution.

Make sure you have a PACE for everything: don't trust your plan will work as expected. You are dealing with people, systems and other things that are not fixed. Have a plan B, a plan C and an emergency plan as well. Do not fail because you didn't account for all the potential things that can go wrong. Plan your contingencies as much as your main plan.

When in doubt, red team it. It's all about execution. If you fail to execute correctly, the rest was for nothing.

The Theory of Red Taming | Gotham Werx

The Five Modes of HACKthink | OODA Loop