Note: this is a work in progress.
These are lessons learned during almost 15 years of Red Teaming. Keep an eye on the page as we add the text under each Rule.
Red Team engagements deliver end-to-end realistic attack scenarios based on the organization's possible adversaries. The role of a good Red Team is to attack using the same steps and TTPs as an adversary, often creating new attack methodologies in order to adapt to the ever changing realities on the ground.
By planning for the worst-case scenarios, leaders can understand and address the risks in every aspect of their business, and organizations can develop and realistically test their defense and detection capabilities, and significantly improve responses associated with security incidents that look and feel like the real thing.
It's all about the mindset. You can be an expert in different fields related to or in support of Red Teaming, however if you can’t think outside the box (actually understand that there is no box), if you can’t find ways to bend the rules, to think like a bad guy, to social engineer your target, to cheat and to really want to find a way to succeed, then you won’t be able to work as a Red Teamer..
Red Teaming provide alternative and adversarial analysis of plans, operational orders and tactical decisions. Like an adversary, it identifies patterns that lead to vulnerabilities and often expose alternative ways to examine the breaking point of policies and plans. For this to happen, Red Teamers need to remain open, never discarding something at face value without checking every possible angle.
Stop, look and listen. Collect information, study your target and connect the dots. Only then, make a decision.
You have to immerse yourself in what you are Red Teaming. You have to learn and remain flexible to adsorb knowledge in an agile and useful way. The more you can do this, the better will be the results on your engagement. You need to know what you are Red Teaming.
Assess the situation, solutions naturally evolve when you know what you are dealing with.