A red team is, as its name states, a team. This is a great thing since each member brings his or her own experiences into the mix. Each member of the team has a specific area that he or she is responsible for. These are usually based on the knowledge of that particular person and on his or her personality.

Yes, personality plays a huge role here. For example, not everyone is comfortable with physical security breaches, social engineering or writing attack code on the fly. If a team member is not an expert in coding the initial exploit, they will usually be the one calling the target and getting her to run the exploit. Although we are masters of our specific sectors, we can do work in other areas as well. We all know how to code and also understand the basics of digital and physical security. However, some of us are experts in these areas and we often take the lead when a related operation comes along.

Still, the success of a project or operation is a team effort, always. The team's combined knowledge and ridiculous thinking are key.

During one project, we had two guys in the field trying to assess the personal security of a large corporation’s C-level executives while they were abroad. They were working with limited equipment and relied on us, the guys back at HQ, to help them through the project. These were two of the most capable hackers and security experts I know. Although both had years of experience (one of them being a former SOF operator), they knew that they would need help from the team to successfully complete the op.

The executives stopped at a local cafe to have breakfast, as they did every morning. One of the execs opened his laptop and began checking the news. When the guys from the team started scanning, as we usually do on public networks, they immediately noticed someone performing a vulnerability scan on the executive’s computer. This is easy to spot if you have a sniffer running on the network. Now, they could have assumed it was one of those ‘target of opportunity’ scans. But given who these executives were, the country they were in and past experience, the guys decided that this was likely a targeted attack. They called us back at HQ and requested that we begin coding a backdoor for the exec’s computer. They also sent us the results of their own vulnerability scan.

The project went from being an assessment of the personal security of the execs to a digital VIP protection operation.

The idea was to breach the VIP’s computers ourselves. We would then install a backdoor and monitoring program before the attackers had a chance to infiltrate the system. This would allow us to detect the attacker’s identity. Hard to do, but sometimes it works.

Given that we didn’t want to alert our customer yet, “Y”, the master exploit coder, immediately started reviewing the scan. Meanwhile, I began to configure a computer so that it would have the same specs as the executive’s: same OS, same apps, etc. Once this was done, I wrote a program that would eventually be installed on the attacker’s computer if we could send them the code.