The Four Elements of Red Teaming
Why Thinking Like an Adversary?
Red Teaming, in the truest sense of it, is not static. Like a good adversary, you have to adapt each time and remain fluid. Over the years, many people have tried, unsuccessfully, to create frameworks and checklists to “red team it”. But, as we’ve seen with pentesting, once you go this route, you become predictable. This is something a Red Teamer should avoid at all costs. Once you become predictable, you are no longer providing the right level of disruption that Red Teaming should bring to the world.
Once you follow a checklist, you are no longer mimicking attackers; you are just following and creating patterns. And patterns will make you fail. This doesn’t mean we, as Red Teamers, shouldn’t have a playbook and use it to win. No. In fact, the more we can pre-game the game, the better we will perform, and the more successful we will be.
This is the reason behind the Four Elements of Red Teaming.
A Change of Mindset
Security is hard. The security world is full of things that are hard to control. Attacks can occur at any time and place, most of the time in places not of our choosing, and at the worst possible time. These attacks usually involve adversaries of unknown size and capabilities, making it harder to have a fixed and solid plan to deal with them. These adversaries, during an active attack, can and will pivot from their initial point of entry or discovery, usually having more than one point of persistence.
Security is hard.
Back in 2009, when we opened the Digital Ops Group, we had this sort of plan we wanted to execute:
(1) Create awareness on what Red Teaming is.
(2) Spread the adversarial mindset to domains other than security.
(3) Create a company that can provide true adversarial services across many industries.
(4) Create the biggest “professional bad guy” community.
We succeeded with (1) and (2) through blog posts, presentations, and a combined effort of several different Red Teamers that think like us.