Book Review: Red Team – Development and Operations

Book Name: Red Team – Development And Operations
Authors: Joe VEST & James TUBBERVILLE
Docs: https://redteam.guide/docs/
Topic: Red Teaming
Level: Advanced

Hi all! I’m here with a new book review. I have been interested in security topics like offensive security, red teaming, etc. for a long time. Now we will cover an excellent book for this type of operation. Maybe you won’t be a god red teamer, but you will learn lots of things and your mindset will change. You will see some mental questions in this book; I think that means this book is not only about technical skills but also covers mental skills and mindset.

The book’s cover is very good and feels high quality, and so does the paper. Images, shapes, charts, etc. are well planned and placed. The authors use these visuals well to transfer knowledge to the reader. General legibility is good, but some pictures could be better.

I want to continue with “What can you learn from this?”. Let’s start with the content. After that I will try to explain the sections.

The book starts with “How to use this book?” and “What is Red Team?”. The story begins for you after that.

Introduction

The story starts here, and you will learn the general keywords. You will find answers to “Why do Threats Succeed?”. The authors cover scenarios and what lies behind the success in these scenarios, with methods like human attacks, physical attacks, etc. You will also learn the differences between penetration tests, vulnerability assessments, and red teaming operations.

Engagement Planning

If you perform a security operation, whether it is a penetration test or a red team engagement, you must be planned and disciplined. Lots of things should always be clear: costs (equipment, travel, etc.), effort, employees, duration, and especially the “Rules of Engagement”. In this chapter, you will learn how to plan an operation zero-to-hero style. You can also learn about the MITRE ATT&CK framework, threats, actors, TTPs, terms, and really lots of things 🙂 I can’t write everything here, to keep this brief.

Engagement Execution

We started, planned, and everything seems good. Now we must perform our art 🙂 This chapter has answers to the question “How can you store the execution data?”, plus logging, tips for scanning, taking notes, tools, tool examples, use cases, technical suggestions, etc. Hands-on hacking starts now.

Engagement Culmination

Sanitization and cleanup: we perform some technical art for customers, and we use tools or malware to do that. We can clear all of them. If the RoE contains “log clearance” you can clear logs; otherwise, you must not clear them 🙂 This chapter will be important for you, especially if you are a newbie in the cyber world.

Engagement Reporting

If you cannot explain your findings, you cannot do your job well. Your first job is finding vulnerabilities, misconfigurations, etc. Once that is done, if you cannot describe a finding clearly, your customer cannot fix the issue. The Blue Team side must also know your TTPs to improve its security posture and alerts. This chapter covers charts, diagrams, advanced reporting techniques, etc.

Summary, Conclusion and Appendix

In this chapter, the authors describe what you should do next. Red team scenario explanations, TTP examples, mindset challenges: you can find different things here.

Finally, I would say you will enjoy reading this book. Your technical and soft skills will improve with it. Thanks to the authors for this excellent book and for sharing their knowledge 🙂

Thanks for your time and your interest.

Berk KIRAS – Cyber Security Consultant