
E-book: Red Team Development and Operations: A Practical Guide (English)

# Computers # Computer Science # Cybersecurity Size: 4.62M | Pages: 179 | Listed: 2022-02-26 | Language: English


Type: E-book

Uploader: 二一

Publication date: 2022-02-26

Abstract:

This book is the culmination of years of experience in the information technology and cybersecurity field. Components of this book have existed as rough notes, ideas, informal and formal processes developed and adopted by the authors as they led and executed red team engagements over many years. The concepts described in this book have been used to successfully plan, deliver, and perform professional red team engagements of all sizes and complexities. Some of these concepts were loosely documented and integrated into red team management processes, and much was kept as tribal knowledge. One of the first formal attempts to capture this information was the SANS SEC564 Red Team Operation and Threat Emulation course. This first effort was an attempt to document these ideas in a format usable by others. The authors have moved beyond SANS training and use this book to detail red team operations in a practical guide. The authors’ goal is to provide practical guidance to aid in the management and execution of professional red teams. The term ‘Red Team’ is often confused in the cybersecurity space. The term’s roots are based on military concepts that have slowly made their way into the commercial space. Numerous interpretations directly affect the scope and quality of today’s security engagements. This confusion has created unnecessary difficulty as organizations attempt to measure threats from the results of quality security assessments. You quickly understand the complexity of red teaming by performing a quick Google search for the definition, or better yet, search through the numerous interpretations and opinions posted by security professionals on Twitter. This book was written to provide a practical solution to address this confusion. The Red Team concept requires a unique approach different from other security tests. It relies heavily on well-defined TTPs critical to the successful simulation of realistic threat and adversary techniques.
Proper Red Team results are much more than just a list of flaws identified during other security tests. They provide a deeper understanding of how an organization would perform against an actual threat and determine where a security operation’s strengths and weaknesses exist. Whether you support a defensive or offensive role in security, understanding how Red Teams can be used to improve defenses is extremely valuable. Organizations spend a great deal of time and money on the security of their systems. It is critical to have professionals who understand the threat and can effectively and efficiently operate their tools and techniques safely and professionally. This book will provide you with the real-world guidance needed to manage and operate a professional Red Team, conduct quality engagements, and understand the role a Red Team plays in security operations. You will explore Red Team concepts in-depth, gain an understanding of the fundamentals of threat emulation, and understand the tools needed to reinforce your organization’s security posture.


