In the last couple of Years the demand for Red Teaming activity has been drastically increased, but if you notice still most of our people relate Red Teaming activity to Active Directory Testing and Black Box Web Application Testing or just VAPT, but they don’t want to talk about the most critical part, without that no Red Teaming activity can be marked as complete, Which is Physical Breach.
The main reason of skipping this activity from Red Teaming is lack of Knowledge of the clients, I have seen people sitting in (Information Security Officer) and (Security Manager) Position and they don’t even fucking know what the difference between a Credential based Nessus scan and without Credential scan will do, So can’t expect much from them to know about all this. But in recent months multiple Companies started requesting for a Red Teaming activity which should include a Physical Breach on their Office and Showrooms which they manage.
Now comes the responsibility of a Consultant to Inform and Suggest their clients what Kind of attack can be performed in a Proper Red Teaming activity, Now here comes another Interesting Twist, In the Pentesting Community you will find two kind of Interesting Peoples:
- One who are really Passionate about Security and Chose their Passion as a career and earning from that now.
- Second who just want to Join Security or Pentesting related work in search of a well-paid job, you will find these kind of People all over the community, it’s not that they don’t know anything, it’s just that they Value Experience over Knowledge and they will be happy to get a 9-5 VAPT job for rest of their life. And if they found someone smaller in age with a good sense of knowledge, they will start pressuring him in multiple ways. This is the Harsh Truth of our Community and if don’t believe this then it’s your problem bro, It’s not my fucking job to make you believe, and whenever I find peoples like this, I don’t lose that situation to argue with that and teach them a perfect lesson, I don’t fucking care if you are a Manager or ISO or CISO, if you are wrong and not that technically strong just accept that, and if I am wrong I will accept that, No offense Just wanted to share my experience :).
Now Move to our Main topic (Red Teaming) in this I will Like to Share the concepts and Strategies we can follow in the activity and Will also like to share Some of my Experience.
Let’s start with my personal favorite and most interesting part in a Red Teaming Activity :
Twitter / Hack The Box / CTF Team / Teck_N00bs Community Telegram