What Is a Red Team?

In this video, we’re going to be talking about what is a Red Team? Now, Red Team may seem like a strange reference for some people. There are different teams out there. There’s Red Teams. There’s Blue Teams - both of which were going to be getting into. There’s also other teams that were developed later, things like Purple Team and Tiger Team. We’re not going to be getting into them. The core of this type of teams are going to be red and Blue. But let’s talk about Red Team. So a typical network will try to keep out a malicious attacker. They’ll have a firewall.

They’ll typically have an antivirus, probably some sort of monitoring software in order to protect their servers, or critical files, and their overall infrastructure. Now, the problem is a malicious hacker, if they’re good or even a unwitting person working for your company, or it could be a malicious person working for your company, an insider attack, won’t be able to circumvent all of this. Now, that’s not great, obviously. And even though you got all these different defences in place, which are supposed to stop people, again, a good malicious hacker, or a lucky malicious hacker, will be able to bypass all of this. And this is really critical. This is critical that we figure out how to stop this.

So what can we do in order to stop this? Well, we could do the usual things. We could do user auditing, monitor active users, monitor inactive users, look for unusual user accounts that shouldn’t be there. We can implement training, keep users up-to-date on not only different attacks that are coming out, but also the company policies that should be changing as things grow or as things need to be changed. System patching, keeping up with critical updates, firmware updates, shutting down any unneeded services, removing programs that aren’t needed anymore, keeping your servers, switches, wireless access points, your workstations, et cetera all up-to-date. Logs, viewing and auditing your system log files and looking for strange activities - all of this is very important.

Even if you have a Red Team, a Blue Team, both teams, you do want to absolutely keep up with all of this. This is all baseline stuff you can do to protect yourself. However, this is always enough to protect your network. Especially when we consider things like, well, USB drops, cables that look like phone chargers that are actually malicious tools that can inject keystrokes into your network. And we talked about all these previously. Social engineering. Social engineering, again, a very powerful attack. And there’s really no patch for it. There’s no antivirus or intrusion detection or prevention system that I’m aware of that will stop a social engineering attack - viruses, malware, your typical viruses, your ransomware, et cetera.

Things like scareware is still going to be a thing. And as things progress, they’ll probably get lucky and get through an antivirus, for example, once or twice. That’s all it takes to get through whatever protection system you have and the user clicks it once. Critical flaws. Things like VMware had a critical flaw on their corporate server. So even if you do your due diligence, there are vulnerabilities coming out and being discovered all the time. So until the company actually patches it, there’s not a whole lot you could do about this. So this is kind of where Red Teams come in handy. A Red Team is a individual or individuals that tends to network posing as a malicious hacker.

A Red Team’s job is to use the same tools and techniques as a malicious hacker to gain network access, obtain critical files, circumvent security measures, et cetera. And of course, it’s all going to be within predetermined guidelines. After all, a Red Team member does work for your corporation or your company, whatnot. Whether they’re permanent staff or if you’re contracting them, they are working with you. So while the ultimate goal is to simulate a hacker break in and whatnot it’s not to really destroy files, to steal files, whatnot. They’re simulating a real attack. So Red Teams will break into your network using the same techniques and tools as a malicious hacker.

Again, however they ultimately are working for the same goals, securing your network from end users from a actual malicious attack. So that’s really important to you to get that across. Because when you bring up Red Teams to, say, management that don’t necessarily know network security, the idea of a Red Team may be scary and sound like a horrible idea. Why are we hiring hackers to break into our network? Well, again, they’re there working for you in order to test your network security, not only your workstations, your servers, your IPSs, your antivirus, et cetera, but also your users. And even going beyond that in some scopes. They may physically break into your building and test your door locks.

How your security measures are set up. Can someone tailgate in? Is there vulnerable entry points? Are your dumpsters exposed where you’re throwing out important information that can be used against you? Things like that. A Red Team’s scope will vary depending on what you want them to test.

So benefits. It’s going to depend on your organisation size. Is your organization large enough to have a Red Team? One benefit of having a Red Team is you can see how your staff and network hold up against real world attacks.

Doesn’t make sense to have a Red Team to test your network. So though a Red Team is trying to circumvent the security of your network that your team puts in place, they ultimately are on the same side. Now, do you want to have an in-house or contract. If that Red Team is something that makes sense, you need to determine if it’s going to be smarter to be in-house or contracted. And Red Teams can help test things like policy, security, network security, help run the company’s overall security awareness, and how to approach security.

So this was all about Red Teaming. In the next video, we’re going to be talking about what a Blue Team is. So thank you for watching. I’ll see you in the next video.