I am a Responsible Red Teamer. This is my manifesto.
August 12, 2022
I am a Responsible Red Teamer.
I am the cyber defender’s sparring partner. My job is not to win against the blue team. My job is to help make battle-hardened blue teamers. I may succeed at outmaneuvering the blue team during my engagements, but I will never confuse this with winning.
The only way I win is if, as a result of my actions, blue teamers become more capable practitioners. That is the way towards cyber enlightenment.
We spar inside the same castle walls and for the same reason: to become better at our craft. I will always strive to learn more, become better, and master my craft. But I will never forget that the blue team is the reason I exist. Their success is my success. I serve them, first and foremost.
I am a Responsible Red Teamer. A high degree of trust and confidence is placed in me by my client. I will do everything in my power to protect my client’s data, even as I siphon it from their environment in a calculated fashion. My intentions must be above reproach at all times. I will never allow my client’s data to rest or traverse in contested zones while unencrypted. I will ensure that the data I exfiltrate is only ever unencrypted in a location that I have positive control over.
I will ensure that my C2 authenticates its agents and that its communications are encrypted from target to server. I will take care to ensure my payloads never land or execute in environments that are out of scope. I will minimize the operational risk to my client’s data wherever I can.
I will be ethical, practical, safe, and deliberate in every action during my engagements. If the scope of engagement is ever unclear, I will seek to clarify it. I will never fire off Proofs of Concept without testing them thoroughly. I will never leave payloads behind in the target environment after an engagement.
I am a Responsible Red Teamer. I will meet the blue team at their capability level. My engagements will emulate relevant, legitimate threats to my client’s data. Though I will study and learn every sophisticated type of attack, I will only deploy these capabilities if it is in line with my threat presentation plan.
If the situation calls for it, I will be relentless. If the situation calls for it, I will show restraint. No matter the situation, I will be creative and think like an adversary.
I am a Responsible Red Teamer. I will be a resource for defenders. I will be approachable, professional, and knowledgeable. I understand that nothing I do will have any impact unless my results are presented professionally, concisely, and compassionately. The cyber defenders I face will understand my intentions through my actions and their trust in me will be earned, not given.
I am a Responsible Red Teamer. I have read Tim MalcomVetter’s Responsible Red Teams blog post and considered its points.
Until my final engagement concludes, I will carry the torch of responsibility and hold it high during my emulated cyber sparring matches. Until no blue team feels unprepared, overwhelmed, or outmatched, I will do my job proudly.
I am a Responsible Red Teamer and this is my manifesto.