EH-Net

Ethical Hacking Discussions and Related Certifications => General Certification => Topic started by: JollyJokker on June 16, 2010, 06:10:31 AM



Title: What is a Red Team?
Post by: JollyJokker on June 16, 2010, 06:10:31 AM
Hello all,

Well... I'm sure the answer to my question may be hanging around in old discussions in EH-Net but I have been unable to locate it...

Maybe someone can point me in the right direction? In general, all of the books I have purchased (GRAY HAT Hacking, Professional Penetration Testing, CEH Prep Guide) present no clear definition of what a Red Team is and does.

I assume that a Red Team is a group of PenTesters with separated tasks but with a common PenTest goal. Is that so?



Title: Re: What is a Red Team?
Post by: Data_Raid on June 16, 2010, 06:45:30 AM
This might help:

"Red team-blue team exercises take their name from their military antecedents. The idea is simple: One group of security pros--a red team--attacks something, and an opposing group--the blue team--defends it. Originally, the exercises were used by the military to test force-readiness."

http://www.sans.org/critical-security-controls/control.php?id=17

And here's a good explanation by the infamous Grendel  ;)
http://www.elsevierdirect.com/Phishwrap/Pen_Testing_and_Red_Team_by_Tom_Wilhilm.html

"The concept of a "Red Team" attack from a military perspective is to imitate potential threats and use the same vectors that the adversary would use during an attack. The problem with this terminology used in information security is that a Red Team project somehow tries to separate itself from the general concept of a "penetration test;" as if a Red Team assessment is somehow more than a pen test – more intensive, more advanced, or perhaps more effective in identifying and exploiting vulnerabilities within an organization’s network. To separate Red Team from the term "penetration testing," proponents of the term "Red Team" distinguish Red Team efforts by restricting penetration testing to vulnerability verification without the ensuing enumeration component (or at least minimal enumeration). Opponents to the term believe that Red Team activities are already a subcomponent of penetration testing, and the attempt to separate Red Team from pen testing is simply a marketing ploy."


Title: Re: What is a Red Team?
Post by: JollyJokker on June 16, 2010, 07:36:03 AM
Wow Data_Raid, that was an excellent piece of information that you gave me here!

Thank you very much!


Title: Re: What is a Red Team?
Post by: chrisj on June 16, 2010, 12:00:41 PM
Now to add confusion. I worked as a contractor to a large company that supported an automotive company. *cough*eds*cough*gm*cough*.

Both groups used the term as part of the change control processes. A person would submit a change, and the rest of that person's team (sys admins, network engineers, etc.) would "red team" the change to make sure everything was right and would not break when implemented.


Title: Re: What is a Red Team?
Post by: rvs on June 16, 2010, 12:32:20 PM
Just an opinion, alright?! Have you guys watched @BurnNotice? Same thing.


Title: Re: What is a Red Team?
Post by: pizza1337 on June 16, 2010, 07:13:02 PM
Just an opinion, alright?! Have you guys watched @BurnNotice? Same thing.

I watch Burn Notice, awesome show. And if you have seen Tiger Team (TV show), it's kinda like red team too.


Title: Re: What is a Red Team?
Post by: j0rDy on June 18, 2010, 02:09:37 AM
Tiger team and red team are the same thing. And to my knowledge, Data_Raid hits the spot right on!