The Red Teamer’s Path
Ah, red teamers. The badass cyber professionals we all know and love from every Hollywood movie, who can hack any system, but only when their hoodie is on.
Jokes aside, the image of red teamers in our minds, or what most people know as “the classic hackers”, is what actually draws a lot of cyber professionals to the industry in the first place.
In my profession I am a threat intel and malware researcher, and the first thing that came to my mind when people talked about cybersec before I started my career was that every cyber security professional is a hacker. Eight years later, I can say for sure that this is simply not true.
But what do red teamers actually do? What can we do to become a red teamer at some point in the future? Are all red teamers criminals? In this blog I will try to answer these questions.
What Is a Red Teamer?
A Red Teamer is a professional who simulates cyberattacks, physical security breaches, or other types of adversarial activity against a company or organization, in order to identify vulnerabilities and weaknesses in their security posture.
Red Teamers typically work alongside Blue Teamers to help them improve their defenses and ensure that they are adequately prepared to prevent and respond to real-world attacks.
Red Teamers use various techniques, such as social engineering, penetration testing, and physical security testing, to simulate attacks and provide feedback on how to improve security.
Their goal is to uncover weaknesses that an attacker might exploit and provide recommendations to address them.
As you probably already understand, a red team member is, in simple words, someone who can compromise an organization using a large arsenal of tactics and tools; when such a person chooses the wrong side, we get a highly dangerous individual.
What Job Titles Suit a Red Teamer?
A red teamer can go through many types of titles and work positions. In the ideal scenario where a red teamer only uses his/her power to do good, they can go through jobs such as:
- Red Team Operator: This one is pretty obvious by the name, but nonetheless: a Red Team Operator is responsible for conducting offensive security operations and simulating adversarial attacks on an organization’s infrastructure, applications, and people. This is the more “classic” role for a red teamer, as they use tactics such as social engineering, penetration testing, and other techniques to identify vulnerabilities and weaknesses in an organization’s security landscape.
- Penetration Tester: A Penetration Tester, also known as a “pentester”, is a cybersecurity professional who performs simulated attacks on an organization’s network and applications to identify vulnerabilities and weaknesses that could be exploited by attackers. They use a variety of tools and techniques to simulate real-world attacks and provide detailed reports on their findings. At first glance, it seems that pentester and red teamer are the same position. However, this is not the case. A pentester mostly focuses on specific software weak points, such as certain apps and services the organization uses, while a red teamer is in charge of the whole operation and targets not only vulnerabilities but also, as mentioned, people, by using social engineering techniques. In addition, a red teamer simulates an ongoing attack: not just setting a foot in the victim’s infrastructure, but also handling later steps such as lateral movement and data exfiltration. Overall, we can look at the red team operator as a “broader” position than a pentester.
- Security Consultant: A Security Consultant provides expert advice and guidance on security issues to organizations. They work with clients to assess their security posture and identify areas of weakness, develop security strategies and policies, and help implement security solutions that meet their needs. They may specialize in specific areas of security such as network security, application security, or physical security. Overall, I would say that this position is more an “experienced” one, as it may suit a red teamer who is a veteran in this game and looks for a less “hands on” position.
- Security Auditor: A Security Auditor is responsible for reviewing an organization’s security policies, procedures, and controls to ensure that they meet industry standards and regulatory requirements. They may also perform security assessments and audits to identify vulnerabilities and weaknesses in an organization’s security posture, and provide recommendations for improvements.
Becoming a Red Teamer
Becoming a red teamer is not an easy task, and there are some key elements of our personal growth we need to invest in that will help us get there.
A good red teamer is an eternal student. They are in a constant state of learning new things and keeping up with the industry’s trends.
As mentioned, there are psychological aspects to their work, so they have to understand how to read and approach people in order to apply social engineering techniques, whether in person or by email, DM, social media, etc.
In addition, I don’t believe there is any title such as “Junior Red Teamer”. Most of the red teamers I came across became red teamers after several positions of this nature. There are thousands of ways for us to become red teamers, and there is no clear roadmap for that.
However, here are some topics that, when learned properly, can help us achieve that goal:
- Fundamentals of Networking: Learn the basics of TCP/IP, network protocols, and routing. Understand how data travels across networks and how to use network tools to analyze network traffic.
- OS Internals: Gain a deep understanding of operating system internals, file systems, and processes. Learn how to use command-line tools and system utilities to manage and secure operating systems such as Windows, Linux, and macOS.
- Programming and Scripting: Learn a programming language such as Python, Ruby, or PowerShell to automate tasks and perform security assessments. Familiarize yourself with scripting languages such as Bash or PowerShell to automate repetitive tasks.
- Web Application Security: Learn about web application security vulnerabilities such as SQL injection, cross-site scripting (XSS), and CSRF. Learn how to use web application scanners, proxies, and fuzzers to identify and exploit these vulnerabilities.
- Penetration Testing: Learn how to conduct penetration tests, including reconnaissance, scanning, enumeration, and exploitation. Familiarize yourself with tools such as Nmap, Metasploit, and Burp Suite.
- Social Engineering: Learn the art of social engineering and how to use it to gain unauthorized access to systems and data. Familiarize yourself with phishing, pretexting, and other social engineering techniques.
- Cryptography: Gain a deep understanding of cryptography and how it’s used to secure data in transit and at rest. Learn about encryption algorithms, digital signatures, and key management.
- Reverse Engineering: Learn how to reverse engineer software and firmware to identify vulnerabilities and weaknesses. Familiarize yourself with tools such as IDA Pro, Ghidra, and Binary Ninja.
- Red Team Operations: Learn about the tactics, techniques, and procedures (TTPs) used by Red Teams to simulate real-world attacks. Familiarize yourself with the MITRE ATT&CK framework and the Red Team Operations methodology.
- Communication and Reporting: Develop strong communication skills and learn how to write clear and concise reports that summarize your findings and provide actionable recommendations to improve an organization’s security posture.
Conclusions
To conclude, the red team road is probably one of the toughest professions you can master. It is a road that requires constant effort to become better and to be truly unique at what you do.
Looking at the topics and subjects we need, you could build an entire career by mastering only one of them, so it is a tough mission to master them all and combine them into one purpose.
Also, in my opinion, being a red teamer is one of the most rewarding positions out there, and the effort is worth it, both in terms of challenge and financially.
Good luck!