This will be a living document and will get content added and/or updated as often as possible.
You will hear, in various Cyber Security conversations, whether someone is considered a Red shirt or a Blue shirt, or if they’re part of a Red team or Blue team.
In the past few years, for some job responsibilities, it makes sense to know “both sides of the coin”, so there is also a Purple team.
Blue Team
A Blue shirt, or being on a Blue team, simply means you are protecting the environment. Think of blue as in the police: you are policing the network and ensuring everything is safe. Blue team members assess vulnerabilities, review logs, monitor systems, and harden security controls.
Blue Team Examples
- Incident Response
- SIEM Administrator
- Vulnerability Management
Red Team
A Red shirt, or being on a Red team, means you are trying to gain unauthorized access to an environment or network. Think of a red alarm going off when someone breaks in. Red team members focus on social engineering, phishing attempts, and penetration testing to exploit vulnerabilities and obtain admin access.
Red Team Examples
- Phishing Simulation Administrator
- Penetration Tester
- Exploit Developer
Purple Team
A Purple shirt, or being on a Purple team, means you use tactics and methodologies from both Red and Blue. You may think like a red shirt attacker, then create countermeasures and hardening standards like a blue shirt. Red teams and Blue teams are two sides of the same security coin.
One team is not better than another; both red and blue teams are needed within Cyber Security. The distinction between red, blue, and purple will always come down to the engagement techniques, information reconnaissance, and security mitigation methodologies each one uses.
VULNERABILITY SCANNING
You can scan hostnames, IP addresses, or IP ranges, either credentialed or non-credentialed, in order to find vulnerabilities, open ports, and any threat that could be exploited.
- Nessus
- OpenVAS
- Nmap
- Nikto2
PENETRATION TESTING
Pre-Requisites
The more you know about the following topics, the better and easier the work will be for you.
- Unix – learning at least basic Unix commands will be extremely helpful
- Linux – understanding a distribution like Kali will be foundational
- Windows – knowing Windows administration and native tools
- Coding – some essentials will be HTML, CSS, Java, and Python
- Lock Picking – some penetration tests may involve physical entry
Certifications
Certifications change over time and get upgraded to new versions. Which ones matter will vary with your niche.
- CompTIA Security+
- CompTIA PenTest+
- ECC CEH
- GPEN
- TCM PNPT
Stages
- Planning & Reconnaissance
- Scanning
- Access
- Persistence
- Analysis
Free Training
RED TEAM
Cobalt Strike: https://lnkd.in/gkxsmed5
HackerSploit: https://hackersploit.org/
Red Team Village: https://redteamvillage.io/
TryHackMe Red Team: https://lnkd.in/g_fkgA8V
BLUE TEAM
CISA: https://lnkd.in/gP7cEJ2y
CyberDefenders: https://lnkd.in/gys4DzMk
LetsDefend: https://www.letsdefend.io/
Security Blue Team Support: https://lnkd.in/gDhNpqF2
TryHackMe Blue Team: https://lnkd.in/gWcKM5X2