What Is the Red Team?

The Red Team has the primary responsibility of launching an “ethically based” Cyber-attack against the defense perimeters of a business or a corporation in order to uncover its true Security vulnerabilities, weaknesses, and holes.  But it is important to note here that the Red Team is not particularly interested in what is being attacked; they are much more interested in the access methods used to reach those targets.

The Red Team will use a large amount of creativity and even use techniques one may never have heard of.  Remember, the goal of the Red Team is not just to attack your lines of defense, but to breach them through each and every means available at their disposal.  To do this, they will think and act just like a real Cyber attacker, but very often come up with ideas of their own as well.

When a Red Team engages in its mock Cyber-attacks, they very often do not ask for a specific list of targets to hit.  Rather, they are also interested in those systems in your IT Infrastructure that are “out of scope”.  As a result, this gives the Red Team a much broader set of permutations to examine.  Because of this, the Red Team will “. . . find vulnerabilities that stem from cultural bias in system design, flawed conclusions, or the limitations and expectations of an insider perspective.”  (SOURCE:  5).

It is also important to keep in mind that if a Red Team is given a broad scope and purpose by the client, they will use any and all Cyber-attack techniques that they can think of, instead of just the traditional attack methods.  For instance, the Red Team could:

  • Conduct offsite reconnaissance;
  • Conduct remote access network Penetration Testing schemes;
  • Conduct a covert site audit after they have broken through the lines of defense and have gained access to mission critical systems;
  • Even launch Social Engineering attacks against your employees in order to launch a secondary attack such as a Spear Phishing campaign or Business Email Compromise.

In other words, from their toolset, the Red Team will try both conventional and unconventional techniques in order to break your lines of defense.  Remember, by utilizing this kind of approach, your business entity will be exposed to just about every kind of Cyber attack that is known thus far.  As a result, your Cyber threat modeling capabilities will be that much more sophisticated and robust, with all of the new information and data that you have been given.

It is important to note that Red Teams often make use of a methodology known as the “Layered Approach”.  With this, multiple attempts are utilized in order to break through the lines of defense at the business entity.  These attempts are not done successively; rather, they are done simultaneously, in order to cause the highest levels of confusion and mayhem for the Blue Team.

For example, one part of the Red Team may try to hack into the password database, while at the same time, another part of the Red Team could try to gain access to the main entry of the organization by using covertly replicated access cards.

It is important to note that effective Red Team Testing does not just happen over a period of 2 weeks.  It can take up to a year to examine what to hit, as a real Cyber attacker these days will take their time as well in determining and researching their targets.

A primary advantage of having a Red Team conduct your Penetration Testing is that they will offer an unbiased, holistic view of the weaknesses not only in your IT Infrastructure, but also amongst your employees and the physical conditions of your office location(s).

Unless they are specifically directed by the client, a Red Team really does not have a defined methodology for conducting their Penetration Testing exercises.  In the end, their goal is to try to gain access to just about everything imaginable at the business or corporation.

Conclusions

Our next blog will examine further the Purple Team, which is a combination of both the Blue Team and the Red Team.