Types of models for conducting red team engagements
Learn about different types of scenario models a red team can choose to conduct an engagement.
In an earlier post, I covered what is a red team methodology and different types of methodologies that the red team can leverage. Building on that, once the red team has selected a methodology, they need to figure out at what phase or stage in the methodology the engagement will start and which phases will be covered.
Red Team Notes
A red team engagement model defines, where in the methodology the engagement will start and which phases will be covered during the engagement. The chosen model must be aligned with the objectives and scope of the engagement.
Based on where in the methodology an engagement starts and which phases will be covered during the engagement, one of the following models can be selected for conducing a red team engagement:
Full Engagement Model - This model covers all phases of the red team methodology. It starts from outside the organisation. Takes the longest but is more thorough than any other model. This engagement model is preferred by most organisations.
Assumed Breach Model - This model skips the initial access and earlier phases of the red team methodology. It begins with the assumption that the red team operator has already established their footprint within the organisation. It takes less time but allows the red team to make more efficient use of the resources.
Custom Breach Model - This model is selected when the organisation wants to test a specific area. As the name suggests, the engagement is tailored as per the objectives and can start at any point within the red team methodology.
Follow my journey of 100 Days of Red Team on WhatsApp or Discord.