Red Team Development and Operations: Goal Planning

Red team goal planning guide

Creating and deciding on Red Team engagement goals can be difficult, especially for organizations new to Red Teaming. Whether you are on the delivery or receiving end of a Red Team engagement, solid goals must be decided for the engagement to succeed. This document provides a list of common goals that work well in most Red Team engagements. They can be used as a starting point for planning; modify and customize them as needed. Each goal has a list of questions that can be answered as a narrative from the observations and measurements made during a Red Team engagement.

Common Goals: Measure and observe …

A threat’s ability to access common and restricted areas (physical)

  • What ability does a threat have to access common areas?
  • What ability does a threat have to access restricted areas?
  • Can a threat use access gained to enable cyber capabilities?
  • What impacts can a threat have through gained access?

A threat’s ability to access key/critical systems

  • Can a threat access key/critical systems?
  • What impacts can a threat have on key/critical systems?

A threat’s ability to move freely throughout a network

  • What ability does a threat have to freely move throughout a network?

A threat’s ability to gain domain-wide and local administrative access

  • What ability does a threat have to gain local administrative access?
  • What ability does a threat have to gain domain administrative access?
  • What ability does a threat have to gain elevated access?

A threat’s ability to access or identify sensitive information

  • What ability does a threat have to access sensitive information?
  • What ability does a threat have to identify sensitive information?

A threat’s ability to exfiltrate data outside an organization

  • What ability does a threat have to exfiltrate data outside an organization?
  • How much data must be exfiltrated to impact an organization?

A threat’s ability to act undetected for a given time frame

  • How long can a threat go undetected?
  • Can a threat achieve its goals undetected?
  • What must a threat do to stimulate a reaction from an organization?

A threat’s ability to perform operational impacts

  • What impacts can a threat perform against an organization?
  • How can a threat affect X?
Last modified January 21, 2020