Join us 2 March for our next Red Teaming 101 Webinar.

The 2017 Red Teamer’s Bookshelf

A picture of booksIt’s been a couple of months since we first announced that Red Team Journal,, and OODALoop would be compiling the latest “Red Teamer’s Bookshelf” jointly. For those of you who’ve been waiting, the list is finally here. It’s larger than previous years, so we’ve organized the titles by category (and yes, some of these titles would fit in more than one category). The titles address a range of red teaming activities and skills, with a noticeable increase in special operations books this year. Thank you to everyone who submitted titles. (You can also find the the list here.) Read on …

The False Client

It’s one thing to red team; it’s another thing entirely for a red team to facilitate useful change. All red teaming is embedded within a culture, and savvy red teamers learn quickly that not all red team engagements are what they appear to be. Sometimes a client hires a red team to validate what the client already “knows” (typically then tying the red team’s hands through a set of overly constrained rules of engagement). For the experienced red team, this usually yields a level of frustration that’s best avoided by simply not taking the job.
      In a roundabout way, the quote below from Jorge Luis Borges reminds us of the red team client who feigns interest in uncovering the uncomfortable truths. Read on …

The Hazards of Cross-Cultural Red Teaming

Are members of all cultures equally good at intuitive red teaming? Though his words might sound stilted and “politically incorrect” to our sensitive 2017 ears, F. S. C. Northrop, writing in 1946, suggests that the answer is “no.” He begins by arguing that the “ideographic symbolism” of the Chinese language yields a “superlative degree of fluidity, a capacity to convey the unique particularity, nuance, and precisely refined richness of the specific, individual experience which probably no other mature language in the world today achieves.”1 This, he suggests, generates within “the Chinese psychology” an exceptional ability to identify with other cultures: “It is doubtful,” he says, “if any other people have such capacity as have the Chinese, having visited, lived with, and immediately experience the culture and psychological reactions of another people, to put themselves in the intuitive standpoint of that people.”2 He cites examples of Chinese students living in France and the United States, who exhibit a remarkable ability to absorb the cultural perspectives and habits of their host countries. He attributes this ability not just to the fluidity of the Chinese language but also to the “ancient philosophical and religious intuitions” of the Chinese culture.3 Further, he warns that “Unless we of the Occident find in our own immediate experience the factors to which their remarkably denotative philosophical and religious terminology refers, we can never hope, regardless of our information, or our observation, to understand either the Chinese or any other Oriental people.”4 Read on …

  1. F. S. C. Northrop, The Meeting of East and West, p. 318 []
  2. Ibid., p. 318. []
  3. Ibid., p. 319. []
  4. Ibid., p. 319. []

The Seen and the Unseen

In his 1946 book Economics in One Lesson, Henry Hazlitt unfolds an interesting systems-oriented principle that we believe belongs in every red teamer’s toolkit. Often, Hazlitt tells us, the unseen is more important than the seen, even though we naturally tend to focus on the seen. Among other things, Hazlitt discusses public-works projects, which generate visible activity and tangible results. What we don’t see is the “what-might-have-beens,” the results that would have emerged had the same resources been applied differently. Read on …

Calling All Red Teamers: Help Us Build the 2017 Bookshelf (Updated)

A picture of booksIt’s time to update The Red Teamer’s Bookshelf. In the past, we’ve either built the list ourselves or consulted a small group of colleagues. This time we’d like to crowdsource the list in partnership with and OODA Loop. Use the contact page to send us the titles of the book or books that you believe red teamers should be reading. (You can reach back into history; these don’t need to be 2016/2017 titles.) When you do send us your title or titles, add a sentence on each telling us why you think it’s important. After a week or so, we’ll aggregate the submissions and post The Red Teamer’s Bookshelf (2017 Edition) at all three sites. To get your thinking started, here are the previous lists:

Matt Devost’s list of the best security, business, and technology books over at OODA Loop is worth checking out as well.

Archived Red Team Journal Mission (1998)

The following is the Red Team Journal mission as posted on the site in 1998. For better or worse, it still applies today. (We even dug up an old RTJ banner!)

In spite of growing readiness problems, the U.S. military remains without peer. It is the best-trained, best-equipped force in the world. Its budget is larger than the next five largest defense budgets combined. It fields technologies many forces won’t acquire until well into the next century, if ever.
      Yet today the United States is more vulnerable to attack than perhaps ever before. The same complex latticework of technology that powers our cities and yields dominant awareness on the battlefield masks an abundance of critical leverage points. A knowing adversary can target these points with potentially spectacular effect. Pick a card and pull. The house comes down. Read on …

Con and Hypercon: Cultivating the Eye of the Sly Jester

King and JesterAt Black Hat USA 2014, I shared a diagrammatic method of perceiving what I call con and hypercon.1 A con is just what it sounds like: a state in which one actor attempts to deceive another, most often to do something that benefits the first and hurts the second. Phishing is a con as is “the big store” in the movie The Sting as is—more generally—any case in which one actor willingly hides a secret or projects a falsehood when attempting to manipulate another actor.
      A hypercon state exists when the “conned” actor sees through the con. This opens options such as covertly watching what the “conning” actor will do and exploiting the “conning” actor’s now inferior state of knowledge. Turning the tables on a phisher or, in other words, “conning the con” might result from awareness at the hypercon level. Read on …

  1. This was a joint presentation with Matt Devost, who explained the cyber implications of con and hypercon. []

‘Sitting Around Thinking’—Well … Yeah

I spoke briefly yesterday with a gentleman who runs a successful pentesting company. For the most part, I get what he does, but I don’t think he got what I do, nor did he seem inclined to ask any questions to find out exactly what that might be. (At one point, he described my version of red teaming as “sitting around thinking,” which, of course, doesn’t make money!)
      The misunderstanding just might be my fault. I realized today that I need a better method of describing how successful red teaming addresses the whole system even if the red team ultimately only “attacks” a portion of it. I’ve tried before (here and here), but until I get it right, I’m going to keep trying. Read on …

The Annoying Red Teamer: A Philosophical Approach to the Problem

Painting of Diogenes and the Lantern.Red teamers can be annoying. Sometimes the annoyance is justified, sometimes not. After all, who likes to be told that they overlooked a key assumption or failed to implement a sensible practice. It’s not surprising that many people resist even the idea of red teaming.
      As red teamers, we often lament the shortsightedness of this resistance. What we don’t discuss very often is the uncomfortable fact that we often aggravate and perpetuate it. Yes, we can be self-satisfied and snobbish. And why not? We spend our days thinking about important things other people ignore, neglect, and overlook. Even when we’re not snobbish and condescending (honest!), we have to work twice as hard not to be perceived as such. That’s just the nature of the game. Read on …