What is a red team methodology?
Is there a method to the madness of conducting a red team engagement?
Let’s say you want to travel from city A to city B. You open Google Maps, enter the destination city and let it do its magic. After a route analysis, Google Maps suggests three routes that you can take to arrive at your destination. You select the route that best suits your goals. Maybe you want to arrive in the minimum time possible, or maybe you want to take a more scenic route even though it takes a little longer.
Similarly, there are multiple ways or methodologies to conduct a red team engagement.
Red Team Notes
Red team methodology refers to a structured approach for simulating real-world cyberattacks to evaluate the security posture of an organization.
A methodology can be further customized to fit the objectives of the red team engagement. For example, the organization may opt to skip the initial access phase and run the engagement under an assumed breach model rather than a full engagement model.
Here’s a list of well-known red team methodologies: