As the name implies, a Red Team is a team. In the world I live in – information and physical security – it is composed of a variety of experts in different areas. Each member can perform the others’ duties, but each one has a specialty and he or she is responsible for it.
I can’t disclose the current team structure, but one team I was part of early on, a few years ago, was composed of six members: four members doing the actual work (we called them Alphas), one managing (called Six) and the overall commander (called Six Actual). We rotated through the management of the team so each of us would work as an Alpha on some projects or as a Six on others. This way we all learned to manage the team. Six usually would set the initial plan (recon, digital or physical pentests, schedules, etc.) but the whole team would have the ultimate word about the plan once more information was gathered.
Our team had people who were experts in: exploit or tool coding, networking, crypto, social engineering and perimeter security. Again, we could all do everything but some of the Alphas were really good at a specific activity. For example, I am a very good programmer and have experience coding low-level system code and exploits; however, I’m not very good with Python, Ruby or other fast and light languages and scripts. These are needed during an operation to write attack tools, scan tools, exploits, etc. on the run.