
Red Teaming

What is Red Teaming?

Red Teaming is the process of using Tactics, Techniques, and Procedures (TTPs) to emulate a real-world threat with the goals of training and measuring the effectiveness of the people, processes, and technology used to defend an environment.

What does this mean? Red teaming is a goal-oriented process driven by threat tactics. The focus is on training or measuring a blue team's ability to defend against this threat.

Red teaming is not a hunt for vulnerabilities, flaws, bugs, etc. The goal is to understand security operations as a whole (people, processes, and technology). A red team engagement may identify vulnerabilities, but more importantly, red teaming provides an understanding of blue's capabilities to impact a threat's ability to operate.

Why Red Team?

Measure the effectiveness of the people, processes, and technology used to defend a network. How do you know if blue TTPs are effective?

Train and/or measure a Blue Team's ability to impact a threat. Blue teams need practice. Better to practice on a helpful threat than a real one.

Test and understand specific threats or threat scenarios. Red team engagements can be designed to exercise custom scenarios. Scenarios can include zero-days, ransomware attacks, or other unique attacks.

Threat Gets a Vote

How often do security defenders ask the bad guy how or what they will do? Many organizations develop security defenses without fully understanding what is important to a threat. Red teaming provides defenders an understanding of how a threat operates in a safe, controlled process.

Better to learn and practice with a Red Team than a real bad guy... anonymous blue teamer