Recently I came across a security blog sighting the use of red and blue teams for internal auditing if you will. This could be a good thing since it is sort of thinking outside of the box . I do mention sort of. Since the dawn of computers people have been using tools to conduct audits on resources. Some of the well know from back in the 90's such as AutoHack. You know you remember using it. This was basically Pentesting. So the value of red blue teams really depends of the skill of the team member. Will it give you a fuzzy happy safe feeling that I trained Offensive Security and that I can write a buffer overflow or that I can script a quick html and BEEF and pwn. I say yes and no. Let me digress. I have been trained in the martial arts for over 21 years and understand the dynamics of defensive and offensive tactics. Yes I have read " The art of war". What I am getting at is that I was the best in my dojang. Yes. Did I do fairly well in local tournaments? Yes. Did I rock when at colorado OTC. No. How about the US OPEN. No. This is the no part. Is your team the best of the best? If they are using the tools and being a monkey and see-and-do from a video I say no. If your members can script there own exploit with ruby,python, perl...etc and really think outside the box and attack then it is a good idea.
Now the use of red/blue as an outcome I am not really sure about. In my eyes Red team if well versed will always pwn. Using the team as a means to redirect the income again will just be putting you back in a blue / defensive behavior. Now add a social aspect to team and you have an even more complex scenario. For example red team fail to capture the flag as you will on a test system it is demed compliant. Operator at said compiant system get rooted from a zero day or BEEFd site and blew the security. I guess a prime example is pwn to own. If you were to take attack vector 1 day one as said security. All systems are compliant they didn't hacked. Add human social interaction the playing field changes and said system is no longer compliant. So add the social factor to the RED team and you are getting more rounded.
So just as a recap. There are people smarter, faster, more cunning than you or your team. If this statement was false I wouldn't be writing this and life would be happy and my brother wouldn't have called me and hour ago complaining about antivirus 2010 on his system. So what part does a red team really get us? Really to make us better blue team.. because they are smarter and faster so we must defend. ../../
Now the use of red/blue as an outcome I am not really sure about. In my eyes Red team if well versed will always pwn. Using the team as a means to redirect the income again will just be putting you back in a blue / defensive behavior. Now add a social aspect to team and you have an even more complex scenario. For example red team fail to capture the flag as you will on a test system it is demed compliant. Operator at said compiant system get rooted from a zero day or BEEFd site and blew the security. I guess a prime example is pwn to own. If you were to take attack vector 1 day one as said security. All systems are compliant they didn't hacked. Add human social interaction the playing field changes and said system is no longer compliant. So add the social factor to the RED team and you are getting more rounded.
So just as a recap. There are people smarter, faster, more cunning than you or your team. If this statement was false I wouldn't be writing this and life would be happy and my brother wouldn't have called me and hour ago complaining about antivirus 2010 on his system. So what part does a red team really get us? Really to make us better blue team.. because they are smarter and faster so we must defend. ../../
