Introduction to Red Teaming

What is Red Teaming?

There is no single agreed definition of Red Teaming; the term is often used interchangeably with penetration testing, even though there are key differences between the two. Although the term is not standardized, some references define Red Teaming as the process of using Tactics, Techniques, and Procedures (TTPs) to emulate a real-world threat, with the goals of training and measuring the effectiveness of the people, processes, and technology used to defend an environment. More generally, it is the practice of looking at a problem or situation from the perspective of an adversary.

Why Red Teaming?

Red Teaming can be used to:

  1. Measure the effectiveness of the people, processes, and technology used to defend a network.

  2. Train and/or measure the Blue Team's ability to impact a threat.

  3. Test and understand specific threats or threat scenarios. Red Team engagements can be designed to exercise custom scenarios, including zero-days, ransomware attacks, or other unique attacks.

Red Teaming vs Pentesting

Some of the key differences between Red Teaming and Penetration Testing are:

Red Teaming                                                   Penetration Testing
-----------                                                   -------------------
Focused on achieving goals, or an attack path to the goal     Focused on identifying the maximum number of vulnerabilities
Assesses people, processes and technologies                   Assesses vulnerabilities in the specified scope
Broad scope                                                   Pre-defined scope
Focus on stealth                                              Stealth is not a factor

Red Team Methodologies

One of the best-known and most widely used frameworks is the "Cyber Kill Chain", developed by Lockheed Martin.

There are other methodologies and frameworks, such as

Red Team Report Template

You can find a good sample Red Team report here.
