Applying 4 Ways of Seeing to red team operations
Learn how the 4 Ways of Seeing technique can be used for red team operations to understand security threats from multiple perspectives.
The 4 Ways of Seeing technique is a structured approach used in various fields, including business, intelligence, and red teaming, to analyze situations from multiple perspectives. This technique helps in uncovering blind spots, identifying vulnerabilities, and understanding different viewpoints.
In cyber red teaming, this technique can be adapted to assess security from multiple perspectives. Red teams can use it to identify misalignment between perceived and actual security, improve threat modeling, and refine adversarial simulations.
Follow my journey of 100 Days of Red Team on WhatsApp, Telegram or Discord.
The technique involves looking at a situation from four distinct angles:
How we see ourselves - This perspective represents how an organization perceives its security posture. Security teams may believe their defenses are strong because they have implemented firewalls, endpoint security, and monitoring tools. However, this perception may not align with reality, as attackers often find unconventional ways to bypass these defenses.
How we see others - This perspective involves analyzing the tactics, techniques, and procedures (TTPs) of threat actors. Organizations often profile their adversaries to predict potential attack vectors. If a red team assumes that an attacker will use phishing as their primary method, they might focus on email security and user awareness training.
How others see themselves - This is the adversary’s self-perception. Attackers view their own capabilities, resources, and motivations based on their skill sets, tools, and objectives. Understanding this perspective helps defenders anticipate moves and preempt attacks by thinking like an attacker.
How others see us - This perspective represents how external adversaries, such as cybercriminals, competitors, or nation-state actors, view an organization. Adversaries may see an organization as a high-value target with exploitable vulnerabilities.
To illustrate this technique, consider a financial institution conducting a red team exercise. The organization believes its online banking system is secure (how they see themselves). However, from an attacker’s perspective (how others see them), the bank's API has weak authentication controls. The bank assumes that attackers will primarily target customer credentials (how they see others), but attackers might instead exploit vulnerabilities in third-party integrations (how attackers see themselves).
One key benefit of the technique is that it helps organizations develop a more realistic understanding of threats, enabling them to allocate resources effectively and enhance defensive strategies.
Red Team Notes
- The 4 Ways of Seeing technique helps in analyzing situations from multiple perspectives.
- How we see ourselves - How does an organization view its own security posture?
- How we see others - How does an organization view its external adversaries?
- How others see themselves - How do external adversaries view their own capabilities and motivations?
- How others see us - How do external adversaries view the security posture of an organization?
- In cyber red teaming, this technique enhances threat modeling, helps identify misalignment between perceived and actual security, and improves adversarial simulations.