From 0 to red team — what does the red team do and when/why do I need one? presented at BSidesAtlanta 2020

by Nikolas Behar


Summary: This talk will discuss what the red team does and the maturity level that an organization should have in order to truly gain value from a red team engagement. This is important to discuss because red teams often do not provide as much value as a higher-level assessment (penetration test, vulnerability assessment) due to an organization’s lack of security maturity. Red team engagements are often requested by organizations because it is a “buzz word” or “hot term” in security. After attending this talk, the audience will understand the difference between a vulnerability assessment, a penetration test, and a red team engagement. They will understand the maturity level that should be reached before engaging in any of the aforementioned assessment types.

- Get to know your attack surface
  o What assets do you have?
  o What applications are in your environment?
  o What vulnerabilities are in your environment?
- Vulnerability Management
  o Allows for the discovery of assets
  o Helps discover areas of improvement
  o We can see some of the weaknesses and what we need to patch
  o 2nd step on the journey to a red team engagement
- Penetration testing
  o Allows an organization to discover weaknesses in their environment
  o Opportunity to test security controls
  o Ideally a blackbox test will be performed by a third party in order to get an independent perspective
  o Usually compliance driven
  o Security team often knows the test is in progress
- Red Team/Advanced Adversary Simulation
  o Longer engagement
  o Oftentimes only a handful of high-ranking execs will know about the engagement
  o Test blue team capabilities
  o Emulate advanced adversaries such as nation states
  o Objective driven
  o Need to have a mature security program in order to truly get value
- Summary
  o Vuln vs Pen vs Red Team
  o Takeaways