
Awesome. Alright, can everyone hear me okay if I just talk like this without the mic? Thanks. Alright, welcome to "The Red Team Machine: Optimizing for Success". Excuse me. I'm Patrick Fussel, I'm a member of X-Force Red's red team. I've been working in InfoSec and, actually, I apologize: thanks also to the organizers putting this together. I can already tell a lot of work goes into this, and I know we wanted to say we really appreciate that, to everyone who helped. So, jumping back: I'm Patrick Fussel, a member of X-Force Red's red team. I've been working in InfoSec in one form or another for about nine years. I've spoken at several conferences, done Hackfest, millicom
besides Elvia Gear con, just to touch on a few. However, I started my professional life in the United States Marine Corps after graduating from the College of Charleston in 2006. I'm Tom Porter. I've been a member of the Fusion X red team for a few years now. I've done some talks on BloodHound extensions. I'm porterhau5 on Twitter and Slack. Now, the reason that Patrick and I mentioned our previous careers here and chose these pictures was because we found that his background as a Marine overlaps with what we do now as red teamers. So we worked together at a previous employer where we did penetration based or CCI based penetration testing, and one of our favorite topics of conversation
was: what are the efficiencies of this team, and how can we improve those? And when we had that discussion, a lot of times we kept circling back to this question: what makes a red team effective? Now, first of all, why do we care that a red team's effective? For Patrick and I, we think that the answer is pretty simple: we'd like to see happier people, better work environments, stronger teams, and just for the industry to evolve, and we think that having more effective red teams leads towards that goal. Now, when Pat and I looked at this question, the first thing that jumped out to us was the team aspect. So when he was operating as a
Marine, or when I was pitching, we performed as part of these high-performing groups. We operated in stressful environments and we had a shared mission with our team members. Your failure to know and execute your role meant failure for the team, and that's a heavy burden to place on yourself, especially when you're operating in circumstances like packing clothes. And what we found was there were a lot of hard lessons we learned along the way that apply directly to red teaming. You also might leave this question and think about the one aspect, like what's at a red team's disposal: things like their tactics, techniques, procedures, our team. And while we think those are important, we think those are more of a result;
they're a result of other foundational core elements of a team, like their principles, like their team culture, like how their organization is structured. Is your team architected in a way that removes communication, that promotes growth? How rigorous is your hiring process? Do your leaders balance the dichotomy between discipline and honor? And then we talk about measuring effectiveness. So you might look at metrics, and hopefully these align with your organization's overall mission. You might look at success for a client, retention rate; you might look at growth; you might look at revenue or dominant factor. There's a handful of things out there. The other things you might judge yourself by, they're more qualitative in nature: things like relationships. How are relationships being
built with our clients, and have those improved? Relationships we've built across the different functions of our organization: are we promoting this? Now, this presentation is Pat and I's attempt at answering this question. It's a combination of all of our years of experience with interacting with people in the industry. We've interviewed people specifically about this topic, we've done quite a bit of research and publications, and it's mostly just our own personal experience as being members of various successful teams in disciplines. We hope that when you walk away from here today you can take some actual ideas with you back to your teams to start. So we've broken this up into three sections, the first being the red team mission. We'll
talk about the why, the purpose behind what we do as red teamers. We'll talk about different contexts of how we refer to missions, and we'll bring those together and talk about what it means to properly define a red team mission. In the second section we'll talk about how we architect a red team: so what factors shape team culture, effective communication strategies, how do we build leaders in the organization, and how to deal with underperformers on the team. And then lastly, in the third section, approaching the mission, we'll talk about the mission lifecycle: so we'll talk about the importance of communicating intent, the planning and preparation phases, going through execution, and then how
they conduct reviews to improve the team. So, first section, the red team mission. We're going to talk about the why, and I'll tell you guys a story about where I grew up, in Charlotte, North Carolina. So ever since I was old enough to hold a bat, really, I've played baseball. About four or five years old I started. I played pretty competitively. Then I got to high school and I was trying to gear myself to reach the next level, kind of go play college, maybe one day so that. And I found this program based out of Charlotte called the On Deck Baseball and Softball Academy, and it was started by the guy you see there on the
right. His name is Mike Shildt. Now, Mike grew up in Charlotte. His mom was an assistant to the owner of the Charlotte minor league baseball team, the Charlotte O's. They were the Double-A affiliate of the Baltimore Orioles, and as you can see in the On Deck logo, he chose the black and orange as the color scheme. Mike still wears number 8 because his favorite player was one of the minor leaguers that he met at that time, Cal Ripken Jr. Mike spent his days as a kid shining players' shoes, he operated the scoreboard there in the games, and it's where his passion for baseball really came from; it had started in those days. Mike went on to play in high school in
Charlotte and played infielder at UNC Asheville. He played for a few years and then his professional playing career was done. He never played professionally, was never drafted, so he couldn't hit a curveball anymore. And then after his playing days were over, he decided to go into coaching. So Mike coached one of the local Charlotte high school teams and led them back into contention. He then went back to his alma mater, UNC Asheville, and coached there, and was the assistant coach at UNC Charlotte. And in 1999 Mike broke off from this cushy news and started the On Deck Academy. And if you run into Mike in the hallway, you can tell he was a pretty
mild-mannered guy, and usually had the smile that you see up there, and is easy to get along with and talk to. But as soon as you stepped into the dugout you saw this switch flip, and you saw this passion. And still, he's still the most passionate man I've met about baseball. He loves the sport, and when he built On Deck he had that passion in mind. He even built it into the name of the program. For those of you unfamiliar with "on deck" in baseball terminology, it's where the next hitter up to the plate prepares for their at-bat, and that's exactly what he was doing with Charlotte's youth. He was using baseball
as a tool to develop them for the next step in their lives, whether that was, you know, playing baseball competitively or even beyond that. And when you walk in the front door of On Deck's offices in Pineville, you see this poster, which you can see (this is a screen cap from one local Charlotte news broadcast up there), and it has different principles that they were teaching to all the different athletes. Laid out, they look like this: leadership, respect, making a difference, integrity, service, and commitment. If you look at some of the language here, you see things like: we raise the bar, we've set the standard, we are dependable, we want to make our
community a better place. Now, if you look at this, you'd have no idea it was about a small development program that tried to get guys placed into college and professional ranks. But Mike realized that these were the core tenets he needed to instill in his athletes to succeed. These are transferable skills, and these were things that didn't require talent; all it required was discipline. Now when you walk in those offices at On Deck, if you turn to the left and look at the walls, they're littered with these pictures of their current program, and they have alumni ranging all the way back to when he started the program in 2000. And what you see up there is, for each player, they have their
name, they have the current class (we have the class of '19, '20 up there), and their college commitments or where they went on to play professionally. And the wall is just littered with these pictures. So you see you've got Duke, yeah, UNC Charlotte, Gardner-Webb, Wofford, Carson-Newman, and a handful of others, and this is the current classes going through the program. Now this provided two key things for everybody that walked in the doors. One, it established, it helped remind people of the mission: you know, why are we here? What are we working towards? It gave people a tangible goal. And secondly, it connected the present, where we are now, with the future, where you want to be. So it
gave them that target to move towards and helped them visualize success. So in 2004 Mike sold On Deck and went on to pursue his professional passion with the St. Louis Cardinals as a scout. So he scouted and this one doesn't work then for about five years, and then he got a shot at managing the rookie-level team of the Cardinals in Johnson City, Tennessee. He led them to a championship. They brought him back the next year; he won another championship. So they promoted him up to Double-A in Springfield, and he won a championship, and he was named by Baseball America, they were the team of the year that year. They then promoted him to Triple-A, where
he coached there for two years and became a Triple-A all-star coach. And then in 2017 he was promoted up to the big leagues as an assistant coach; they actually created a position for him, the quality control coach. Halfway through the year he took over basically duty sector one that goes into the great son, and the following year, in 2018, Mike was made the bench coach of the Cardinals, which is essentially the right-hand man of the manager. Halfway through the 2018 season the Cardinals decided to fire their manager and then named Shildt the interim head coach of the Cardinals. Over the next month and a half Mike led the Cardinals to the best record in baseball
in that stretch. They removed the interim tag and he was the bona fide manager of the Cardinals. This past year, in 2019, the Cardinals went on to win the National League Central and returned, the first time since 2015. Just this past week he was rewarded with a three-year contract extension. He was named a finalist for NL Manager of the Year, and that would be decided with Lisa actually which is I think it's a part wonderful. The thing about Mike was, he found this passion, he found this why, he and do I did it was prettier was going end up here. And actually, in an interview last year, Mike was saying that the Cardinals gentleman and a partner
and apparently much bigger plans for Mike, and even he realized Mike just embodied those principles that he hung on the wall at On Deck, and kept feeding those to the rest of his team; they followed success. So now we'll talk about the why a little more abstractly, and this is an idea from Simon Sinek's book, Start with Why. He has this notion of a golden circle, and the scones that it represents a leader or a team or an organization: how they operate, how they think, how they communicate. The outermost ring is the "what". So most people know, basically everybody knows, what they do: we sell widgets, we perform adversary simulations. Somewhat fewer people know how they
do it, and this is what your differentiator is, what sets you apart from your competition. So: we sell adversary simulations, we're really good at it, and Clank slows. It's not the most inspiring pitch, but this is how people kind of process information. He argues throughout the book that the organizations, teams, and leaders that inspire and find success start with the why, the one thing that a lot fewer people really understand about their team, leader, or organization. Now if we think about this in a red team sense, first we're going to level-set on definitions, because there's often confusion around those. My favorite example of a definition comes from Joe Vest and the blog you see there. Red teaming is something that's geared towards
sophisticated organizations. It's isn't quite as why suddenly to how; you wouldn't do red teaming until you have these other foundational components in place. Now, the definition of red teaming: red teaming is the process of using tactics, techniques, and procedures, or TTPs, to emulate a real-world threat, with the goals of training and measuring the effectiveness of people, processes, and technologies when defending an environment. And I love this definition because it emphasizes the goals aspect, but it also hits on those three things we just talked about. What is red teaming, in its strictest sense? We're emulating real-world threats. How do we do it? By mimicking those threats' TTPs. Why are we doing it? Two goals: one, we're measuring
effectiveness, and two, we're training for effectiveness of the people, processes, and technology used to defend. And you can see pretty quickly how this translates over to whatever industry you or your client are operating in. If I'm a financial services company, I want to protect the credits people I know people out in my house. If I am a service provider, I want to protect against SIM swapping attacks, so people online doesn't like they make someone get wiped out their cryptocurrencies.
So now we're going to level-set on mission scope. When you hear Pat and I refer to missions, it's usually in one of two contexts. So we have the overall strategic mission; it's kind of the big picture. You see this aligned with a mission statement or strategy. In achieving that overall strategic goal, you might have smaller tactical missions, and these will have tangible objectives. And usually when we're talking in a red team sense, this is typically what we're referring to. So as we move from engagement to engagement or client to client, we're talking about these tactical missions. Now when it comes to communicating this mission to the rest of the team, there's a few points in
detail: mission and intent. When we're talking about the mission, we're going to explain the overall picture: what are we trying to do here? And then we give them the details: these are the technical captures that we're going after, this is why we're going happy. In addition to that, you want to communicate the intent behind it. You want to tell people why you're doing this: you know, what's the purpose of accomplishing these objectives? Where does it get us? What future state do we have in mind? We accompany that with the desired end state. And the reason this is important is because it gives your frontline troops, your operators, the people actually executing these missions, it gives them, one, a left and right set of
boundaries. If they know the left and right points of where their authority lies, they can be more creative and have more autonomy in that space without having to pester upper-level management. And secondly, the purpose, or the why, excuse me, it allows them to take the risks necessary. If you think about red teaming, there's a lot of inherent risk within it just by the nature of the job, and your operators are going to take risks in order to do that. If they understand why we're doing this, you know, what's the intent behind this mission or this objective, they can discern what risks are worth taking. So, key takeaways from this first section. First,
believe, understand, buy in. But the mission can be part of that planning process, but once the decision is called, or once the decision is made and that shot is called, buy in: take it on like it was your own idea and go forth and execute. If you don't understand the mission, how can you expect the people you're supposed to communicate it to to understand? So ask questions, be vigilant, come to an understanding, understand the reason behind it, why we're doing it, and buy into it and sell it down the chain. Secondly, name and rank priorities. If you want your team to move towards a target, you have to give them a target to move to. And then lastly, establish purpose: flood the environment with reminders that
demonstrate what success looks like, help them visualize that success, establish purpose in the environment.
Awesome. So, uh, moving on to architecting a team: excellence through cat memes. What do cat memes have to do with red teaming? Obviously the answer is nothing, but I think there's an obligation in any InfoSec conference to have at least one cat meme in every presentation, so consider that box checked. All right, so what makes up a team's culture or an organization's culture? If you've ever been asked to define a term that was a little bit amorphous, and what it means, and you struggle to define it without using the word in the definition, I kind of went through this with team culture. You know, the first time I thought of it, I found some good
definitions, but they're very wordy; I don't know if they really sent home what I was going for. So after a little bit of googling I came up with "the way things are done around here". It's very short and sweet, gets the idea across, but I really like it because it kind of evokes this idea of the million little things that everyone on a team or an organization does from day to day or week to week or year to year. I'm sure everyone in here has been part of some organization, whether it's your school or a job. You probably could think about the culture that was part of that organization. If you think back, what
were the things you would say described that organization's culture? What made it up? For me, kind of reflecting back, one that tends to come to mind very quickly is, it's a little bit negative, but it kind of pops in my head very quickly: I remember a job I had quite a long time ago, and I always remember it because everyone was very apathetic. Nobody really seemed to care about what was going on, nobody dedicated any kind of purpose, and that always pops in my mind because I sort of wondered what had caused that. Where did it come from? You know, what led to those behaviors? Where did they start? What made them stick? And maybe more importantly, could
they be changed? So what shapes the team culture? The answer is a lot of things, but it tends to start with leadership. The leader sets the tone that goes through a team. At one of my first schools and first commands in the Marine Corps, we had the senior enlisted Marine that really set the tone for how the unit operated. So we were in a joint environment, so we had the Marine detachment; we also had the Navy, the Army, the Air Force, Coast Guard. Everyone was there; we were all doing the same thing. So outside of sort of good-natured insults that get tossed around at each other, these branches all get along really well. Everybody's trying to get through the
school environment, but the Marine detachment had this leader, and I would describe him as having held the line at his high expectations for us. This sort of resulted in the Marine detachment having a very unique feel and a very unique way of operating, with things like very regular room inspections, uniform inspections, intense PT before and after school. And in these inspections or these events, this leader always maintained very high expectations and applied a very rigorous standard to what he wanted from us. Falling short of those expectations wasn't tolerated. Jocko Willink says in his book Extreme Ownership, "it's not what you preach, it's what you tolerate", and in retrospect I see this example as a
really powerful encompassing idea of that concept. So our leaders regularly reminded us that the way that we looked and carried ourselves in this joint environment reflected on the rest of the Marine Corps, and it became very obvious that this attitude had permeated sort of every facet of the detachment, from the most senior to the most junior. Every Marine knew how to be excellent. I specifically recall having a Marine that was junior to me stop me and tell me that my rank insignia was off-center. I thought that was a really great thing, because it became clear that there was a culture of everyone wanting to be excellent and everyone pushing the group to be
excellent. Just in case you're curious, the reason I put this book up here is the Marine I'm talking about in this section, there's a chapter about him in this book, Why Marines Fight. It's chapter 22, if you ever happen to get your hands on it. So why is all of this critical? Because positive cultural attributes make a team successful. Now obviously cybersecurity red teams have some pretty stark differences from those in the Marine Corps. Red teams have their own unique set of structures and challenges that you have to really consider when we're talking about what makes them successful. Red teams take a lot of different forms. They can be structured differently:
maybe you're remote, partially remote, maybe you work in an office, internally facing, externally facing, maybe you're an organization that does just red team work, or maybe penetration testing and other types of security work. Tom and I worked together at a company, I think he mentioned it in the introduction. We encountered a lot of the challenges that I think tie in really closely to the sorts of things you'll see in red teaming. And, you know, the good news from the story is over time a culture of feeling safe and good communication came out, but at the beginning we struggled a little bit. So we'll talk briefly about some of the challenges that we faced and sort of the lessons we took away from that.
So this team we worked together on, it was a penetration testing firm. Everyone was fully remote, and when we joined the team it was fairly small, and I would say it was nascent in terms of procedures or practices. One of the first challenges that I noted was this feeling of being siloed. When you work remotely, you're not with your team. You know, you're executing engagements solo, you don't have a great avenue for communication, and we didn't have a lot of incentive to work with the rest of the team, so you're kind of just doing your own thing. Now, I think this is an easy trap to fall into for any fully remote team. Just that lack of in-person
interaction isolates team members. Also, I think in any sort of technical team, and in red teaming it's really common, when you're tackling a complex technical challenge, it's easy to get sort of tunnel vision and hone in on one thing. You sort of forget the wider team. So everyone in this team, they're getting work done, yeah, but the team felt very stagnant and there was very little cohesion in terms of operating as a unit. So one of the first things the team had to do to work towards improving communication: we had to implement the technical capabilities that make communication as easy as possible. Now, I'm of the belief that if you
want to influence behaviors, you have to make the changes as low-friction as possible. In this situation, being a remote team, we deployed a fancy chat application, and that made a big difference. It helped. Now everyone's encouraged to speak to each other and talk as a team. That's great, but that's not all of the cultural changes we needed. Now, in retrospect, two of the critical features of our team communications that really helped came from our manager. He had a tendency to view himself as an enabler more than a manager or a boss, and he did a really good job of communicating this position to his team. Instead of "do what I say" or
"listen here", it was "what do you need to be successful? What can I get you to achieve your objective?" The second aspect was he was never afraid to say he didn't know something. This created an environment where everyone was comfortable being vulnerable. This results in building a strong sense of belonging within the team. This is especially useful in red teams, where you feel this pressure to know everything about everything. I'm sure everyone's heard the idea of imposter syndrome, like, "hey, they're gonna find out I'm a fraud", and that's a really scary feeling. It's important that you be able to communicate to the team when you need help or don't know something. This
encourages learning and information sharing, and lets everyone know where to focus future research efforts. But without this, people are more likely to kind of go off on their own, make mistakes, or maybe it's into something important. Over time this creates a loop: sharing a vulnerability inside of the team builds closeness and trust, which makes people more likely to be vulnerable inside the team, and you get a much closer or more tightly knit team. So over time a culture of healthy communication practices can develop inside of a team, which improves the sense of belonging in the team and encourages people to work towards helping the group instead of just focusing on themselves. So the leaders and managers of a team
will likely be focused on those broader 48 goals. They'll have a clear sense of what the bigger picture is, whereas the team members, they'll be executing on actions that move towards achieving those goals. Right, it's important everyone understand what that bigger picture is. Every member of the team probably doesn't need to know every detail of everything the management's doing, because that would be a huge waste of time. Sort of conversely, the individual team members are focused on the specific tasks associated with their job roles. If you're a member of a team, your boss probably knows what you're working on, but they don't need to know every detail of how you execute every task;
again, a huge waste of time. The leaders of the team need to make sure that each member of the team understands what that strategic vision is, and not just that, but also how that individual's effort fits into the bigger picture. So when each member feels like they understand how their efforts help the group, everyone's more dedicated to the group's success, and this creates a stronger sense of belonging. It's important to note this line of communication works in both directions, both up and down the chain of command. If you've ever gotten a call or an email from your boss asking some specifics about something you're doing, your first reaction is to be a little bit annoyed. I know it's happened to me.
Your knee-jerk is, "hey, I know what I'm doing, leave me alone". It's just sort of an automatic reaction. You feel like someone's micromanaging you. It's a normal human thing, but a more effective strategy is to step back and think about why your boss or manager is asking to know about what you're operating on. It's incumbent on the members of the team to make sure that they're communicating up the chain so leaders can have good situational awareness about what's going on, and they can make good informed decisions about how they need to support you or what direction the team is going. One common thread I've touched on a few times here is cultural cues that build a sense of
belonging to a team. If everyone feels a sense of wanting the team to succeed, they're more likely to act in a way that benefits their group. Clearly there's a lot of things you can do to build that sense of belonging into a team once it's formed, but an ideal place to start is the hiring process. So anyone that's ever gone through a rigorous hiring process knows that after several rounds of interviews you feel like you've run a gauntlet. But a rigorous hiring process can serve the team in a couple of ways. It provides an opportunity to screen for high-quality candidates, and you can implement things like practical skill assessments. And think back on a situation where you made the
cut to join some team. This automatically feels like you're part of the group once you join, because you know the rest of the team endured that same process and also made the cut. This sort of sense of shared suffering builds especially strong camaraderie. Outside of making a hiring process rigorous, it's also helpful to include members of a team in on the interview. That can do several things: it makes the team feel like they have buy-in on the quality of candidates that are being hired, and when someone is hired, they have a default level of having been accepted by the team. So we've hired the people we want, we have a
well-communicated strategic vision for the team supported by effective culture. What do we do when we recognize someone isn't performing up to the standards of our team? How to react? So depending on your role, you might have varied options. No matter what your role is, though, people that are struggling to succeed need leadership and mentoring to improve. The goal of a leader is to get the most out of every member of their team. If someone isn't performing, they may need to be led or need more support. Remember, a sense of safety builds cohesion. If trying to get someone fired is your sort of first go-to when they're underperforming or not doing
well, what signal does that send that person? What signal does that send the rest of the team? They're gonna feel scared for their job, and they're probably not gonna perform as well. Team members need to be reminded: you're part of this group, this group has high standards, but I believe you can reach those standards. So one valuable lesson I learned early on in my Marine Corps career is that your first effort generally should be to solve problems at the lowest possible level of leadership. So for the Marine Corps, this concept is first enforced in whatever your basic training environment is. I found out very early on, if I'm missing some critical piece of gear, I could go tell my drill
instructor, but that would result in quite a bit of yelling, and overall it's just very unpleasant for me; not the best idea. So the alternative here is to solve this without having to go up the chain. The Marine Corps' smallest unit is the fire team, typically four people, so you learn that many problems can be solved at that fire team level without distracting the efforts of the larger team. Sometimes that leadership might be between just two people, though. So again, somewhere like a basic training environment, this might be you and your rack mate. If you and your rack mate have a very short time to make your rack and
you're working together to get it accomplished, it might be that one of you needs to step up and be the leader by prioritizing tasks and issuing instructions. Now, this structure in the Marine Corps is by design. By passing as much responsibility as possible as far down the chain of command as possible, you build leaders early and you enable those junior leaders to be effective. Those junior leaders are the ones on the scene with the most visibility and dope to whatever it is they're dealing with, and when they understand the directives, they can be more effective than someone who's more removed from the situation. In the red team world, I've noticed a lot of members of the team
will have tons of great ideas for solving challenges, but they're unsure if they have, you know, the authority to execute on whatever it is they want to do. To capitalize on those people, it's really important you empower your junior leaders to solve problems whenever possible. So kind of a summary for this one is: what do you do when a manager or boss isn't doing the things to lead a team well? I think the takeaway here is anyone can be the leader. If something needs to be done and it isn't being done, that's an opportunity for you to figure out "how do I take charge and make it happen?" That doesn't mean go yell at your boss and
tell him he's an idiot but it does mean you have a chance to maybe be political and use tact to take over and improve so takeaways here look for opportunities to build a culture of good communication and make it okay to say I don't know put your hand up and say I need help and communicate up and down the chain of command so everyone can operate more efficiently alright approaching the mission all right so we've defined the larger strategic goal the tactical mission we've got everyone moving in the same direction we've assembled our team and now it's time to take action accomplish the objectives and for that we have the mission lifecycle you see it here
communicating intent planning preparation execution and review starting with communicating intent so we touched on this in the first section communicating intent is the combination of the purpose or the why along with the desired end state or goal when we communicate this it serves two purposes first we get faster improved decision-making for your frontline troops if operators know their left and right bounds of authority they know what kind of calls they can make without having to pester their leaders or their management if they understand the intent of the mission they can make judgment calls about what risks are worth taking and which aren't second a hive mind mentality amongst the
team ideally we want to be like the Borg if we have a shared mental model we can anticipate our teammates actions and prepare accordingly so when approaching planning you should start by understanding the overall purpose and desired end state of the mission for our team this might be we're going to exfil some piece of data that's our target obviously without being detected the planning should explore all the ways you might achieve that desired goal and also account for all the contingencies again in the red team world this can take a lot of forms maybe this is develop multiple footholds in an environment so you have a good fallback beachhead you never want to have just one fail point having an
understanding with a client about what happens if red team activity is detected who are our points of contact who needs to know so in this picture on the side you see a group of Marines around a terrain model this is a really common tool in mission planning it's great because we can see the entire mission and plan operations for that mission from that perspective it makes it easy to sort of visualize and plan red teaming has a sort of unique element where the terrain you're dealing with changes from day to day or week to week sometimes so while any red team engagement will likely have an overarching plan to guide the team to
match these sort of constant changes in the terrain the team should implement things like regular check-ins with the team to understand has the terrain shifted what are we looking at now and now we can design more targeted phases of the planning process delegate planning to junior leaders as much as possible have them take ownership of their tasks red teaming is a really fast-paced dynamic world lots of constantly changing moving techniques tooling adversaries leveraging the expertise of as much of your team all the way down to the most junior person in the planning helps introduce new ideas on top of maximizing your problem-solving capabilities delegating planning also encourages buy-in from the team as they
feel ownership of whatever part of the planning process they've taken part in once the planning is complete it's really critical you ensure everyone clearly understands the plan this includes knowing what the strategic goal is as well as each person's role within that strategic plan so I'm a big fan of the preparation coming up with standard operating procedures I love them because it provides a baseline from which everyone in a team can operate now I recognize that an SOP can become so prescriptive that it hinders a team's ability to operate or be creative now in the Marine Corps a squad will be directed by a squad leader in the event of let's say something like
expected enemy contact the squad leader might deploy his squad in a way that maximizes firepower on a specific location what happens if the enemy comes from a different direction than what was expected does the squad give up and go home no they've practiced and drilled the situation over and over and over and over the squad will have a known procedure that details how do we adjust fire to a new location while minimizing exposure the squad leader will issue commands to the fireteam leaders who will issue commands to their fire teams these preparations and SOPs instead of hindering the team give them the skills necessary to execute their jobs in an effective way together
sorry there we go all right so a well prepared red team will likely spend time designing effective SOPs and meetings lab environments those SOPs should lay out how common operational tasks are expected to be executed allowing everyone to be on the same page for example if your team does a lot of phishing engagements you'll likely have a set of criteria for how you prefer your phishing servers to be deployed and make them effective you have to ask does everyone on the team know how to stand up and configure these servers to meet the standards in a time efficient manner are you training the team how to deploy these systems do you have solid documentation to guide someone how to do
that so that everyone's meeting sort of the minimum requirement if everyone on your team has been briefed and drilled on a set of well thought out procedures common in your operations you get cohesion a team with seamlessness in your operations overall very agile that lets you meet high expectations so I've moved on to the execution portion of the process as you go about executing remember that communication is vital especially if you have a remote workforce so push situational awareness up down all around make sure I know what you're working on not only we're doing that guy you have to leave we've been working on we heard from you in weeks that can happen in red teaming you
know building a payload that executes can be a time-consuming process if you're chasing a thread that leads to remote code execution that can take time so update people on what you're doing tell them hey I'm gonna work you know chasing this thread for X amount of time and I'll come back and we'll regroup and realign so if you can take advantage of automation our team is taking advantage of webhooks and things like Microsoft Teams or Slack to where you can have scripts that automatically push notifications to your communication platforms to let the rest of the team know what you're working on hey I deployed this infrastructure hey I'm working on this this event just occurred it keeps people in one of the
the most important lessons I learned in my years penetration testing was the importance of documenting as you go I've had this happen to me a number of times especially early on in my career I find something interesting and I just start digging into it and then I pick my head up and six hours later I've jumped through five systems I've got a bunch more credentials and I didn't document anything and now I have to go back and write a report and that's extremely difficult to do so document document host names IP addresses the managers seeing what accounts you compromised which systems you touched what artifacts you dropped what are the hashes of those artifacts things that you're going to
need to report on later or pieces of information that later in your attack cycle when I was learning penetration testing from John Strand in the SANS class years and years ago he taught us that as we go through an environment instead of thinking of it like we try and hack this system think of it more like an information collecting exercise you will learn as much as you can about the environment in which you're going after and document those because we as humans are really good at pattern recognition you might get some data early on in your engagement that you're not really sure what to do with and as you continue on you find that over the course of the engagement what you
really need is what you got back in step one or two if you have that documented you can see those patterns and move forward similarly document your consoles document the activity that you're actually doing on the network it really helps with deconfliction should the client ask and that's a lesson I promise you you don't want to learn the hard way third point even the most savvy leaders can get overwhelmed as information changes or as circumstances change it's always good to have a plan that's prepared for life's inconveniences if you have all these things changing problems occurring and you try to tackle all that at once there's a solid chance that all the work will make you fail so you
can step back look at the big picture prioritize the tasks and rank them and then assign your resources to start executing and once you've executed tasks we've got solve them and then lastly by nature red teaming is risky and carries this inherent risk that you have to deal with and your operators have to deal with if they want to accomplish their objectives I can't tell you how many times I've been through background checks and drug tests purely because of the sensitivity of the data and systems that we work with so as you're going through these engagements you might see an opportunity like you know wouldn't it be cool if I dumped the application or the process
memory of this particular application and
chances are you might take down the application now what does that do to your client's bottom line what does that do to the relationship that you've been you know working with fostering for years with this client so remember the overall team's mission be professional and operate with integrity and then the last part of the mission life cycle process is review and if I have a chance to talk about recognizing I talk about Greg Maddux so Greg Maddux is a Hall of Fame pitcher for the Braves four Cy Young Awards 18 Gold Gloves Greg Maddux after every outing would go back to the video and go back to pictures like this and break down his approach to hitters
he would break down his mechanics so you can look at this and say okay let's see I've got my chest alibi brought to my club I've got a bent front knee I'm working down the play of the slope with my front foot about five stride lengths or foot lengths in front of the rubber and I've kept my shoulder closed so I can keep my head up on the target and deliver the pitch if you went out and counted look at the mound after he was done pitching didn't count all the spikes working like that he was that consistent but he took this review process really seriously in the big leagues they typically have five man
pitching rotations so he would pitch every fifth day and he earned his nickname of the professor and it was partially because these kind of glasses anymore but it was mostly because when he got on the mound he was basically putting on a pitching clinic and teaching everyone else this is how you do the his pitching coach at the time
his pitching coach Leo Mazzone he said yeah he's a professor on those four days between starts he would analyze everyone else watching how people were approaching hitters what the outcomes were talking strategy with his fellow members of the pitching staff he never stopped learning from the successes and failures so applying this to red team we conduct something called after-action reviews it's a term borrowed from the military's readiness the goal of an after-action review is to build like ideally it's something that is led by the people who were on the mission so your operators your frontline troops not necessarily by the managers or leaders of the team excuse me you work through your engagement chronologically sit down
you talk about each facet of what you did what decisions you made what were the outcomes of those and it's an environment where you need to turn your seniority off and switch humility on and you're aiming for high candor so the questions you ask in an AAR are pretty simple you start with what was the expected outcome of the mission what was the actual outcome if there's a difference between these two things why was there a difference and explore that just say you'll ask what went wrong and what went right in life if something went wrong how can we improve upon that for the next iteration of this for our next
mission if something went right what led to that success is there a pattern we can extrapolate out and apply to our processes to improve those and then lastly it's little red team players what tools did you develop over the course of this engagement what TTPs did you modify or develop and this serves a couple purposes the main being it really helps the new members of your team I've probably been in an environment maybe you guys have too where you join a new team and you start hearing all this lingo that's thrown around or you hear them referencing tools you've never heard of or they're acting or operating a certain way you just don't understand and it's because
there's a lot of this tribal knowledge that exists and if things like this aren't documented it's really hard for those people to come up to the same bar that you've already set so when we do this we document I wrote these tools here are links to them on github or your internal code repository your wiki whatever it may be and then you say we worked on this we developed this TTP to combat this technology here's a blog post we released internally dollar and now when a new member comes on to the team they can see this repository of AARs and they can see ok the genesis of this tool was from this engagement three years ago
where in the context of what they operated was this now I understand why they do things like so a few takeaways from this third section first if you've ever seen members of a team who are typically more critical of the leaders or the organization or the mission and they seem the most removed from what's actually occurring or least invested they might not have been involved in the planning process so get those team members as much as you can involved in the plan even if it's something small it allows people to take ownership of a portion of the plan that reduces the overall mission and secondly if you don't have any playbooks create them if you do continue
developing them this notion was really hit home with me in Carlos Perez's 2016 presentation at DerbyCon it was titled Thinking Purple if you don't have playbooks it's going to leave that whole sort of tribal knowledge and also if you don't have playbooks it makes you dependent upon the senior people who have developed the tools the tactics techniques and procedures the team relies upon and lastly conduct those after-action reviews if you want to improve you have to set aside time to reflect upon the actions you took and so circling back to why we started this talk what makes the red team effective well it's a combination of the things that we've been talking
about for 45 minutes but if we had to boil it down to one word or one idea we'd say it's culture it's building that culture where people can share vulnerability they build safety they establish purpose they exercise discipline and they take ownership if you begin these principles others will follow and your team will have more success so here's those references of works that we cited throughout and with that Victor thank you [Applause]