Hi everyone, I hope you are doing well and safe … This is my first blog post and I really want to dedicate it to a question that many people ...
Before we start talking about this concept, I'd like to talk a little bit about the history of the term "red team".
According to Micah Zenko's book "Red Team: How to Succeed by Thinking Like the Enemy", within the Roman Catholic Church the formal title was the Promotor Fidei, or Promoter of the Faith. More commonly, the position became known within the Church and among the laity as the Advocatus Diaboli, or Devil's Advocate. The office of the Devil's Advocate was the first established and routine use of "red teaming." However, red teaming was not formally referred to as such by the US military until the Cold War, and it was only standardized in the 2000s.
A red team is a group of security experts who perform what we call red teaming exercises for a company. Red teaming is a structured process that seeks to better understand the interests, intentions, and capabilities of an adversary through simulation and vulnerability probes.
Actually, the red team concept was created to correct the old and wrong mindset of security defense. Let's take phishing as an example. If a company is compromised by a phishing attack, the first person to be blamed is the end user. Some people may say that the insufficient education of that end user is the reason behind this. Education is only one part of the defense in a security operation. The security of a company must not depend on whether or not a user clicks.
Others may think that threats only use exploits, and this is far from the truth. Patch management is an essential factor in a comprehensive security program that helps with attack surface reduction. Threats understand this and get more creative when attacking a target.
Therefore, if the company was compromised by a phishing attack, this means that the security controls are not well designed.
The red team concept was created to solve this dilemma by using tactics, techniques, and procedures to emulate a real-world threat, with the goals of training and measuring the effectiveness of the people, processes, and technology used to defend an environment.
The objectives of a red teaming exercise change from one mission to another, but they basically revolve around this:
The vulnerabilities and weaknesses identified during an assessment are not the main focus of the red team. Actually, they try to provide insight into a target's detection and response capabilities. It exercises the relationship between its incident response and threat hunting teams by testing network defenders and their tools in ways that cannot be achieved through traditional threat intelligence, literature, or structured testing.

| Penetration Test | Red Team |
|---|---|
| Find and exploit vulnerabilities | Identify physical, hardware, software, and human vulnerabilities |
| Determine the risk of architecture vulnerabilities | Test the organization's detection and response capabilities |
| Focuses on the methods used | Focuses on the objectives of an attack |
| Takes less time than red teaming | Takes longer to complete |
| Less realistic | More realistic |
Written by: Z. Oualid
I am a Cyber Security Expert; I have worked with many companies around the globe to secure their applications and their networks. I am certified OSCP and OSCE, which are the most recognized and hard technical certifications in the cybersecurity industry. I am also a Certified Ethical Hacker (CEH). I hope you enjoy my articles :).