Red team checklist
About the checklist
This set of checklists is intended to be a start to help plan and build a red team. Each design may have additional requirements. Use this as a starting point and modify as you see fit.
Red Team Development Checklist
- ☐ Determine required knowledge and skills
- ☐ Identify and implement alternate methods for bridging knowledge gaps
- ☐ Develop roles and responsibilities guide
- ☐ Develop red team methodology
- ☐ Develop TTP guidance for engagements
- ☐ Includes Bag of tricks
- ☐ Develop data collection guide and tools
- ☐ Develop operational process plan
- ☐ Develop communication plan template
- ☐ Develop ROE template
- ☐ Develop technical briefing template
- ☐ Develop report template
Planning - Red Team Engagement Checklist
- ☐ Engagement Planning
- ☐ ROE
- ☐ Event Communication plan
- ☐ Distribute Deconfliction Process
- ☐ Entry point/method
- ☐ Scope
- ☐ Goals/Objectives (should address at least one of the following)
- ☐ Protect
- ☐ Detect
- ☐ Respond
- ☐ Restore
- ☐ Target Restrictions
- ☐ Target Infrastructure / Asset verification / Approvals
- ☐ Scenario Development
- ☐ Operational Impact planning
- ☐ ROE
- ☐ Develop threat profiles
- ☐ Network and Host Activity
- ☐ IOC Generation (incl subsequent Analysis) and Management
- ☐ Plan threat infrastructure
- ☐ Tier 1
- ☐ IPs
- ☐ Systems
- ☐ Redirectors
- ☐ PPS
- ☐ Tier 2
- ☐ IPs
- ☐ Systems
- ☐ Redirectors
- ☐ PPS
- ☐ Tier 3
- ☐ IPs
- ☐ Systems
- ☐ Redirectors
- ☐ PPS
- ☐ Deploy tools to infrastructure
- ☐ Tier 1
- ☐ Data collection repository
Execution - Red Team Engagement Checklist
- ☐ Daily completion and roll-up confirmation
- ☐ Capture logs
- ☐ Capture screenshots
- ☐ Capture system changes
- ☐ Daily (or twice daily) mandatory internal RT SITREP
- ☐ Update real-time attack diagram
Culmination - Red Team Engagement Checklist
- ☐ Engagement Closeout
- ☐ Roll up data
- ☐ Roll back system changes
- ☐ Validate data has been collected
- ☐ Outline critical attack diagram
- ☐ Technical Review (tech-on-tech)
- ☐ Executive Brief
- ☐ Reporting
- ☐ Draft attack narrative
- ☐ Draft observation and findings
- ☐ Finalize attack diagram
- ☐ Finalize report