Chapter 2: Red Teaming Process
Red Team operations begin with a planning phase. During it, you and the Red Team define the goals of the engagement, the rules of engagement (which systems are in scope, which are off limits, and what the testers must not do), how long the exercise will run, and whether it will be announced across the organization or kept covert. Some companies prefer that their staff not know a test is under way, so that the exercise measures how the organization actually responds to what looks like a genuine attack; others announce it in advance, which avoids disrupting operations but tests mainly the technical controls.
Once the engagement's guidelines have been agreed, the team can plan its strategy. Settling these details before the assessment saves time and avoids unforeseen consequences, such as testers touching systems the client never intended to expose.
Planning is followed by the attack phase. Here the testers identify and exploit vulnerabilities through a series of attacks. Social engineering and web application attacks are two of the most frequently used methods because they are the approaches real threat actors employ most often. The exact techniques depend on the guidelines set in the planning phase and vary by vendor.
Here are a few effective methodologies pentesters may use in the attack phase:
Reconnaissance and Open-Source Intelligence (OSINT)
Reconnaissance is the pentesting method of gathering knowledge about the target's systems and network before any attack is launched. Its passive form, open-source intelligence (OSINT), draws only on publicly available sources such as DNS records, certificate transparency logs and public code repositories, and so never touches the target directly. The intelligence gathered builds a complete picture of the pentest target and shapes every later step.
Various types of data may be collected during the reconnaissance part of the attack phase, including, but not limited to:
- Domain information (registrar, name servers, mail and SPF records, subdomains)
- Network services and topology
- IP addresses and address ranges
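As an added example (not part of the original page), the script below shows how one piece of domain information, an SPF TXT record, yields the other two data types in the list: the IP ranges the organization sends mail from and the third-party providers it relies on. The SPF record is constructed for the example; on a real engagement it would come from a DNS TXT lookup of an in-scope domain.

```python
"""Passive reconnaissance: mine a domain's SPF record for infrastructure.

An SPF TXT record names every host allowed to send mail for a domain, so a
single DNS lookup leaks the organisation's mail IP ranges and the third-party
providers it relies on. The record below is constructed for this example; on
an engagement it would come from a TXT lookup of the in-scope domain.
"""
import ipaddress

# Constructed SPF record for a fictional target domain.
CONSTRUCTED_SPF = (
    "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.7 ip6:2001:db8::/32 "
    "a mx:mail.target.example include:_spf.mailprovider.example "
    "include:spf.crm-vendor.example -all"
)


def parse_spf(record):
    """Extract the infrastructure an SPF v1 record discloses.

    Returns a dict with:
      networks   - ipaddress networks from ip4:/ip6: mechanisms
      includes   - third-party SPF domains pulled in via include:
      mechanisms - a/mx/ptr/exists mechanisms (hostnames worth resolving next)
      all        - qualifier on the final 'all' term: '+', '-', '~' or '?'
    Raises ValueError if the record is not an SPF v1 record.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF v1 record")
    found = {"networks": [], "includes": [], "mechanisms": [], "all": None}
    for term in terms[1:]:
        qualifier = "+"                     # SPF default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")  # split at the first colon only
        name = name.lower()
        if name in ("ip4", "ip6"):
            # strict=False accepts host bits set in the prefix, e.g. 10.1.2.3/8
            found["networks"].append(ipaddress.ip_network(arg, strict=False))
        elif name == "include":
            found["includes"].append(arg)
        elif name == "all":
            found["all"] = qualifier
        elif name.split("/")[0] in ("a", "mx", "ptr", "exists"):
            found["mechanisms"].append(term)
        # modifiers such as redirect= and exp= use '=' and are left alone here
    return found


def ipv4_address_count(found):
    """How many IPv4 addresses the record authorises (a rough size of the mail estate)."""
    return sum(n.num_addresses for n in found["networks"] if n.version == 4)


if __name__ == "__main__":
    info = parse_spf(CONSTRUCTED_SPF)
    for net in info["networks"]:
        print("network:", net)
    for inc in info["includes"]:
        print("third party:", inc)
    print("mechanisms:", info["mechanisms"], "all:", info["all"])
    print("ipv4 addresses authorised:", ipv4_address_count(info))
```

Each `include:` domain has an SPF record of its own, so a real recon run would recurse into them (SPF caps the chain at ten DNS lookups), and each `a`/`mx` hostname is a candidate for a forward lookup in the next step.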
Scanning
Scanning is the pentesting method of probing the target's hosts and ports to enumerate live systems, exposed services and their versions, and to match those services against known vulnerabilities. Unlike OSINT it touches the target directly, so it is visible in the target's logs and must stay within the scope agreed in the planning phase. The results show which services are exposed and which could be exploited in the next step.
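As an added example that is not part of the original page, the script below implements the simplest active scan, a TCP connect scan, and gates it on the scope from the rules of engagement so the tester cannot scan a host the client excluded. The scope list, the excluded host and the loopback listener the demo opens are all constructed for the example; nothing here connects to any host other than 127.0.0.1.

```python
"""TCP connect scan gated by the rules-of-engagement scope.

The scope, the exclusion and the loopback listener the demo opens are all
constructed for this example. Nothing here connects to any host other than
127.0.0.1.
"""
import errno
import ipaddress
import socket

# Constructed scope from the planning phase: permitted ranges and carve-outs.
SCOPE = {
    "include": ["127.0.0.0/8", "203.0.113.0/24"],
    "exclude": ["203.0.113.250/32"],   # e.g. a production host the client excluded
}


def in_scope(host, scope=SCOPE):
    """True if host lies in an included range and in no excluded range."""
    addr = ipaddress.ip_address(host)
    included = any(addr in ipaddress.ip_network(n) for n in scope["include"])
    excluded = any(addr in ipaddress.ip_network(n) for n in scope["exclude"])
    return included and not excluded


def tcp_connect_scan(host, ports, timeout=0.5):
    """Return {port: 'open' | 'closed' | 'filtered'} for each TCP port.

    A full three-way handshake is completed for open ports, so this is noisy
    and shows up in the target's logs; it refuses hosts outside the scope.
    """
    if not in_scope(host):
        raise PermissionError(f"{host} is outside the rules-of-engagement scope")
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            err = sock.connect_ex((host, port))   # errno instead of an exception
            if err == 0:
                results[port] = "open"            # handshake completed
            elif err == errno.ECONNREFUSED:
                results[port] = "closed"          # RST came back: host up, port closed
            else:
                results[port] = "filtered"        # timeout or other error: no answer
    return results


def start_local_listener():
    """Constructed target: a listening socket on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def unused_port():
    """Pick a loopback port that is currently closed (bind, read, release)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo_scan():
    """Scan one open and one closed loopback port; returns (results, open, closed)."""
    srv, open_port = start_local_listener()
    closed_port = unused_port()
    try:
        return tcp_connect_scan("127.0.0.1", [open_port, closed_port]), open_port, closed_port
    finally:
        srv.close()


if __name__ == "__main__":
    results, open_port, closed_port = demo_scan()
    for port in (open_port, closed_port):
        print(f"127.0.0.1:{port} {results[port]}")
```

The three outcomes map onto what the target's network stack sends back: a completed handshake means open, an RST means the host is up but the port is closed, and silence usually means a firewall dropped the probe. Production scanners add half-open (SYN) scanning, rate limiting and service fingerprinting on top of this, but the scope check at the top is the part a red teamer must never leave out.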
Gaining Access
Gaining access is the step of breaching the target's defences using techniques such as social engineering, exploitation of exposed services from outside the network and lateral movement within it, password spraying (one common password tried against many accounts, so that no single account reaches its lockout threshold), and more.
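As an added example (not part of the original page), the script below shows why password spraying is shaped the way it is. A toy directory with a sliding-window lockout policy stands in for the real authentication endpoint; the accounts, their passwords, the seasonal password list and the lockout threshold are all constructed for the example. The spray keeps every account one failure below the threshold per window, while the naive alternative of hammering a single account locks it out.

```python
"""Password spraying with lockout awareness, against a constructed directory.

A spray tries one password across many accounts and then waits, instead of
many passwords against one account, so no account reaches its lockout
threshold. The directory, its credentials, the password list and the lockout
policy are all constructed for this example; MockDirectory stands in for the
real authentication endpoint.
"""


class MockDirectory:
    """Toy authentication backend with a sliding-window account lockout."""

    def __init__(self, creds, lockout_threshold=5, observation_window=1800):
        self._creds = creds                           # {username: password}
        self.lockout_threshold = lockout_threshold    # failures before lockout
        self.observation_window = observation_window  # seconds the failures count for
        self._failures = {}                           # username -> failure timestamps
        self.locked = set()

    def authenticate(self, user, password, now):
        """Return 'success', 'failure' or 'locked'. `now` is a simulated clock."""
        if user in self.locked:
            return "locked"
        recent = [t for t in self._failures.get(user, []) if now - t < self.observation_window]
        if self._creds.get(user) == password:
            self._failures[user] = []
            return "success"
        recent.append(now)
        self._failures[user] = recent
        if len(recent) >= self.lockout_threshold:
            self.locked.add(user)
            return "locked"
        return "failure"


def spray(directory, users, passwords, lockout_threshold, window_seconds, clock=0.0):
    """Spray each password across all users, keeping every account at most
    lockout_threshold - 1 failures per observation window.

    Returns (hits, clock): the (user, password) pairs that authenticated and the
    simulated time at which the spray finished.
    """
    budget = lockout_threshold - 1          # safe failures per account per window
    hits = []
    for i, password in enumerate(passwords):
        if i and i % budget == 0:
            clock += window_seconds         # let the target's window expire first
        for user in users:
            outcome = directory.authenticate(user, password, clock)
            if outcome == "success":
                hits.append((user, password))
            elif outcome == "locked":
                raise RuntimeError(f"{user} locked out: lockout policy was misjudged")
    return hits, clock


def brute_force_one(directory, user, passwords, clock=0.0):
    """The naive alternative: hammer one account. Returns the outcome of each try."""
    return [directory.authenticate(user, pw, clock) for pw in passwords]


# Constructed data: four accounts, three of them using guessable seasonal passwords.
USERS = ["alice", "bob", "carol", "dave"]
CREDS = {"alice": "Spring2024!", "bob": "correct horse battery staple",
         "carol": "Welcome1", "dave": "Summer2024!"}
SEASONAL = ["Winter2023!", "Spring2024!", "Summer2024!", "Welcome1",
            "Password1", "Company123"]
LOCKOUT_THRESHOLD, OBSERVATION_WINDOW = 5, 1800


def demo_spray():
    """Run the spray; returns (hits, locked accounts, simulated finish time)."""
    directory = MockDirectory(CREDS, LOCKOUT_THRESHOLD, OBSERVATION_WINDOW)
    hits, clock = spray(directory, USERS, SEASONAL, LOCKOUT_THRESHOLD, OBSERVATION_WINDOW)
    return hits, sorted(directory.locked), clock


def demo_brute_force():
    """Run the naive approach against one account; returns the per-attempt outcomes."""
    directory = MockDirectory(CREDS, LOCKOUT_THRESHOLD, OBSERVATION_WINDOW)
    return brute_force_one(directory, "bob", SEASONAL)


if __name__ == "__main__":
    hits, locked, clock = demo_spray()
    print("spray hits:", hits, "locked accounts:", locked, "finished at t=", clock)
    print("brute force of one account:", demo_brute_force())
```

The clock is simulated so the script runs instantly; a real spray would sleep for the observation window between rounds, and the threshold and window would be taken from the client's actual lockout policy, agreed during planning, because a misjudged policy locks out real users and turns a covert exercise into an outage.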
Blue Team vs. Red Team
Red Team operations pit a team of ethical offensive hackers (the Red Team), who attack a target, against the team defending it (the Blue Team).