What is a Red Team? A red team is an independent group that is tasked with finding potential vulnerabilities that challenge an organization. The red team plays the adversary, using tactics, techniques, and procedures (TTPs) to penetrate the organization’s defenses. For example, in cyber security a “hacker” would try to attack a military or civilian target’s command and control using a TTP such as penetration testing to find a hole in the defense of a web site, operational logistics center, or critical infrastructure network. For example, critical infrastructure may be the target of the adversary, where components important to an organization’s survival, such as electricity, water, gas pipelines, and Internet, may be “taken out”.
What is the Red Team’s job? The 4D’s are destroy, deny, degrade, and disrupt. The red team’s job is to apply the 4D’s through cyber, HUMINT, and tactical operations, using a combination of unconventional warfare tactics (military and civilian).
Why is this important? This security assessment is important for any organization that wants to stay ahead of threats that may impact its ability to function. By providing these assessments, we can spot potential vulnerabilities, resulting in a “mitigation” assessment where a patch or solution can be provided before a threat happens.
What tools does the Red Team use? Cyber tools include penetration testing to scan for vulnerabilities in an adversary’s network, malware such as viruses that infect the target’s computer, and backdoors to gain persistent access into the network. A list of these tools can be found here.