What’s Red Teaming? Is it a pentest?

31. January, 2020 by Matjaž Kosem

Hey, man, what’s Red Teaming? Is it a pentest?

The phrase “Red Teaming” has been increasingly mentioned in cybersecurity discussions. It sounds interesting, somewhat mysterious, contemporary, and offers a wide range of possible explanations for what it should actually mean.

As I have repeatedly come across different opinions in my discussions with colleagues in the field, it seemed appropriate to try to cover this topic.

So, let’s try to explain the difference between the Intrusion Test and Red Teaming, and the added value of each. Both are security checks.

Let’s go back to the roots: How to test?

Although many contractors opt for techniques and practices that are the result of their own experience, carrying out a security test with a methodologically regulated approach has certain advantages: consistency, repeatability, and efficiency.

In the world of security auditing, the reference is the OSSTMM methodology. OSSTMM is a peer-reviewed methodology for systematically performing security tests using metrics, and as such provides a comprehensive framework that can be adapted to any type of security testing.

The beauty of the OSSTMM methodology begins with determining the type of inspection itself, which ensures that the contractor (hereinafter referred to as the “attacker”) understands the needs of the contracting authority (hereinafter “the target”).

Picture 1: OSSTMM, Common Test Types

The methodology proposes six different types of security test, which depend on the attacker’s initial knowledge of the target and on the target’s awareness that the test will occur (Picture 1). For example, “Double Blind” means that the attacker knows nothing about the target, and the target, for its part, is not aware of the test. We will focus on two tests here: the Blind test and the Reversal test.

Blind Test – In this mode, the attacker knows nothing about the target, but the target is ready and expecting the test. This type of test is best suited to test the attacker’s ability.

Reversal Test – In this mode, the attacker has complete insight into the target, and the target knows nothing about the test. This type of test is intended to test the target’s readiness for attacks.

These two tests are diametrically opposite in their purpose. The first one tests the tester’s experience and the quality of security controls, and comes closest to the classic penetration test, while the second tests the organization’s readiness for an unannounced attack attempt and, according to the OSSTMM authors, is most commonly referred to as a “Red Team Exercise.”

A penetration test, or pentest, is a simulation of an attack on a system in order to prove the vulnerability of the system in the event of a real attack. It checks the effectiveness of security controls. Since the term penetration testing is often used to mean vulnerability assessment, it is worth pointing out a significant difference here. The task of the pentester is to actually perform an “unauthorized” action (gain management access, change the digital record of information, etc.), while the task of a vulnerability assessment is to identify areas where the system could be at risk of attack. As soon as the vulnerability assessor identifies a vulnerability, he stops and no longer interferes with the system, while the pentester tries to exploit the identified vulnerability, which is the core of the penetration test.

“Red Team” comes from military terminology, most often in correlation with “Blue Team”. Military strategists have long realized that defense against the enemy will be even better if you occasionally test it by simulating an attack that points out any weak points. In the world of cybersecurity, the Blue Team is the defensive side, typically members of the SOC team, constantly monitoring and responding to potentially harmful cyber activities. They are reactive in nature, waiting for something to happen. Unlike the Blue Team, the Red Team is extremely proactive: it simulates real attacks and tries to bypass the defense without being detected. The job of the Red Team is to find gaps in the defense in order to improve the Blue Team’s ability to detect intrusion attempts.

So what is the difference between a penetration test and Red Teaming? The goal of the pentester is to find out where the real technical flaws in cybersecurity are, and to reduce the attack surface to the lowest possible level, while the purpose of the Red Team is to literally train the Blue Team. A pentester helps improve cybersecurity, while a Red Team tests and improves detection and response capabilities. Red Teaming encompasses a comprehensive understanding of cybersecurity management made up of people, processes and technology.

References:

  • https://www.isecom.org/OSSTMM.3.pdf
  • Matjaž Kosem, Prilagoditev metodologije penetracijskega testiranja povezanih vozil (Adaptation of the Penetration Testing Methodology for Connected Vehicles), master’s thesis, 2016
