Red Team Development and Operations


History and Origin

This book is the culmination of years of experience in the information technology and cybersecurity field. Components of this book have existed as rough notes, ideas, informal and formal processes developed and adopted by the authors as they led and executed red team engagements over many years. The concepts described in this book have been used to successfully plan, deliver, and perform professional red team engagements of all sizes and complexities. Some of these concepts were loosely documented and integrated into red team management processes, and much was kept as tribal knowledge. One of the first formal attempts to capture this information was the SANS SEC564 Red Team Operation and Threat Emulation course. This first effort was an attempt to document these ideas in a format usable by others. The authors have moved beyond SANS training and use this book to detail red team operations in a practical guide. The authors’ goal is to provide practical guidance to aid in the management and execution of professional red teams.

The term ‘Red Team’ is often confused in the cybersecurity space. The term's roots are based on military concepts that have slowly made their way into the commercial space. Numerous interpretations directly affect the scope and quality of today’s security engagements. This confusion has created unnecessary difficulty as organizations attempt to measure threats from the results of quality security assessments. You quickly understand the complexity of red teaming by performing a quick Google search for the definition, or better yet, by searching through the numerous interpretations and opinions posted by security professionals on Twitter. This book was written to provide a practical solution to address this confusion. The Red Team concept requires a unique approach different from other security tests. It relies heavily on well-defined TTPs critical to the successful simulation of realistic threat and adversary techniques. Proper Red Team results are much more than just a list of flaws identified during other security tests. They provide a deeper understanding of how an organization would perform against an actual threat and determine where a security operation’s strengths and weaknesses exist. Whether you support a defensive or offensive role in security, understanding how Red Teams can be used to improve defenses is extremely valuable. Organizations spend a great deal of time and money on the security of their systems. It is critical to have professionals who understand the threat and can effectively and efficiently operate their tools and techniques safely and professionally. This book will provide you with the real-world guidance needed to manage and operate a professional Red Team, conduct quality engagements, and understand the role a Red Team plays in security operations. You will explore Red Team concepts in depth, gain an understanding of the fundamentals of threat emulation, and understand the tools needed to reinforce your organization’s security posture.

About the Authors

About the Author: Joe Vest

Driven by his curiosity, perseverance, and passion for technology, Joe Vest’s mantra for his work and teaching is: “Often the journey of an experience can be as valuable as the end.” Joe has more than 17 years of experience in red teaming, penetration testing, and application security. His experience ranges from authoring and instructing the first SANS red team course, to owning and operating a security consulting company, to acting as technical lead for a DOD red team. He has worked in numerous commercial sectors, which has given him extensive knowledge of cyber threats, tools, and tactics, including threat emulation and threat detection. Today, Joe is the director of training and internal services at SpecterOps, where he uses his experience in red team operations, cyber threat analysis, cyber threat emulation and replication, application security, vulnerability assessment and mitigation, and incident mitigation to train and educate. Joe has a variety of professional certifications. When he’s not teaching or evangelizing about cybersecurity, you’ll find Joe out skateboarding or paddleboarding with his son.

About the Author: James Tubberville

James Tubberville has held a number of technical positions and management roles over a 19+ year career focused on system, network, application, and information security. James is a former member and lead for an NSA-certified Red Team and has conducted threat computer network operations, red teaming, penetration testing, and physical security assessments for a variety of commercial and government customers. He specializes in red teaming, cyber threat analysis, and threat mitigation. As a security professional, James has achieved numerous information technology and security-related certifications and awards.
