Catch the recent “Politics, Power, and Preventative Action” podcast interview with RTJ founder Mark Mateski.

Red Teaming, A to Z

Ask 26 red teamers to generate 26 random thoughts on red teaming, and the permutations that would ensue are such that you’d walk away before reading just a small fraction of the total. Just thinking about it is exhausting, so why not read just one (this one)?

A: The “red” in “red teaming” traditionally refers to the adversary of interest—the adversary the red team emulates.

B: Systems thinking is among the core set of key red teaming skills.

C: Many pentesters are red teamers, but not all red teamers are pentesters. Read on …

Syria: Asking the Right Questions (Before and After)

The recent U.S. decision to hit a Syrian air field with cruise missiles has triggered a flurry of questions, both in the United States and abroad. It reminds me of RTJ Red Teaming Law #34 (“Question”):

In many ways, the art of red teaming is actually the art of asking the right questions, from the right perspective, at the right time. Ask the wrong questions, and it almost doesn’t matter how well your red team performs.

In this context, it’s worth adding, “Ask the wrong questions or fail to appreciate the right ones, and it almost doesn’t matter how well your cruise missiles perform.” Read on …

When to Red Team: Balancing Costs and Uncertainty

In my last Red Teaming 101 Webinar, I shared a concept that I often discuss in my red teaming courses. It involves the issue of when you should red team the system of interest, where the system is some combination of people, technology, or processes. Like many issues connected with red teaming, the short answer is “it depends,” the middling answer is “it’s a tradespace,” and the long answer, well—it’s a longer answer. During the Webinar, one of the participants asked if I’d posted the concept on RTJ; I hadn’t to that point, so I assembled this post. Read on …

The 2017 Red Teamer’s Bookshelf

A picture of booksIt’s been a couple of months since we first announced that Red Team Journal,, and OODALoop would be compiling the latest “Red Teamer’s Bookshelf” jointly. For those of you who’ve been waiting, the list is finally here. It’s larger than previous years, so we’ve organized the titles by category (and yes, some of these titles would fit in more than one category). The titles address a range of red teaming activities and skills, with a noticeable increase in special operations books this year. Thank you to everyone who submitted titles. (You can also find the the list here.) Read on …

The False Client

It’s one thing to red team; it’s another thing entirely for a red team to facilitate useful change. All red teaming is embedded within a culture, and savvy red teamers learn quickly that not all red team engagements are what they appear to be. Sometimes a client hires a red team to validate what the client already “knows” (typically then tying the red team’s hands through a set of overly constrained rules of engagement). For the experienced red team, this usually yields a level of frustration that’s best avoided by simply not taking the job.
      In a roundabout way, the quote below from Jorge Luis Borges reminds us of the red team client who feigns interest in uncovering the uncomfortable truths. Read on …

The Hazards of Cross-Cultural Red Teaming

Are members of all cultures equally good at intuitive red teaming? Though his words might sound stilted and “politically incorrect” to our sensitive 2017 ears, F. S. C. Northrop, writing in 1946, suggests that the answer is “no.” He begins by arguing that the “ideographic symbolism” of the Chinese language yields a “superlative degree of fluidity, a capacity to convey the unique particularity, nuance, and precisely refined richness of the specific, individual experience which probably no other mature language in the world today achieves.”1 This, he suggests, generates within “the Chinese psychology” an exceptional ability to identify with other cultures: “It is doubtful,” he says, “if any other people have such capacity as have the Chinese, having visited, lived with, and immediately experience the culture and psychological reactions of another people, to put themselves in the intuitive standpoint of that people.”2 He cites examples of Chinese students living in France and the United States, who exhibit a remarkable ability to absorb the cultural perspectives and habits of their host countries. He attributes this ability not just to the fluidity of the Chinese language but also to the “ancient philosophical and religious intuitions” of the Chinese culture.3 Further, he warns that “Unless we of the Occident find in our own immediate experience the factors to which their remarkably denotative philosophical and religious terminology refers, we can never hope, regardless of our information, or our observation, to understand either the Chinese or any other Oriental people.”4 Read on …

  1. F. S. C. Northrop, The Meeting of East and West, p. 318 []
  2. Ibid., p. 318. []
  3. Ibid., p. 319. []
  4. Ibid., p. 319. []

Archived Red Team Journal Mission (1998)

The following is the Red Team Journal mission as posted on the site in 1998. For better or worse, it still applies today. (We even dug up an old RTJ banner!)

In spite of growing readiness problems, the U.S. military remains without peer. It is the best-trained, best-equipped force in the world. Its budget is larger than the next five largest defense budgets combined. It fields technologies many forces won’t acquire until well into the next century, if ever.
      Yet today the United States is more vulnerable to attack than perhaps ever before. The same complex latticework of technology that powers our cities and yields dominant awareness on the battlefield masks an abundance of critical leverage points. A knowing adversary can target these points with potentially spectacular effect. Pick a card and pull. The house comes down. Read on …

‘Sitting Around Thinking’—Well … Yeah

I spoke briefly yesterday with a gentleman who runs a successful pentesting company. For the most part, I get what he does, but I don’t think he got what I do, nor did he seem inclined to ask any questions to find out exactly what that might be. (At one point, he described my version of red teaming as “sitting around thinking,” which, of course, doesn’t make money!)
      The misunderstanding just might be my fault. I realized today that I need a better method of describing how successful red teaming addresses the whole system even if the red team ultimately only “attacks” a portion of it. I’ve tried before (here and here), but until I get it right, I’m going to keep trying. Read on …