Book Review: Professional Red Teaming
Review of the book Professional Red Teaming by Jacob G. Oakley. Book published in January 2019 by Apress Publication.
Continuing on my quest to learn more about red team operations, I picked up the book Professional Red Teaming by Jacob G. Oakley. Once again, I am guilty of judging the book by its cover. This time it turned out to be an okayish choice. The book aims to help readers navigate the intricacies of conducting professional red team offensive security engagements, focusing on operational guidelines, tradecraft, and the human aspects of offensive security. It also introduces a novel concept, Counter-APT Red Teaming (CAPTR), designed to tackle advanced persistent threats (APTs), and offers a comprehensive framework for evaluating offensive security processes.
Please note that even though this book covers certain technical aspects of offensive security engagements, it is not a technical book. It focuses more on the management and process aspects of offensive security engagements.
Content Overview
The book is organized into 15 chapters that address various facets of offensive security engagements:
Foundations of Red Teaming: Chapters 1-3 provide an overview of red team operations, the importance of human hackers over automation, and the limitations of modern offensive security engagements compared to real-world adversaries.
Process and Execution: Chapters 4-8 cover the theoretical and procedural aspects of engagements, including scoping, drafting rules of engagement, execution phases, reporting, and the role of purple teaming.
CAPTR Teaming: Chapters 9-12 introduce and elaborate on CAPTR, a reverse red teaming methodology, with detailed steps such as scoping, initialization, and execution.
Evaluation and Experimentation: Chapters 13-15 focus on comparing traditional red teaming with CAPTR through a structured framework and a fictional experiment to illustrate their effectiveness.
Salient Features
The concept of CAPTR and Reverse Red Teaming is innovative and provides a fresh perspective on addressing APTs, making it potentially valuable for organizations.
The book emphasizes the challenges posed by people during offensive security engagements, including the dynamic between adversarial blue and red teams.
Chapters 4-8 are a goldmine for understanding the lifecycle of offensive security engagements, with actionable insights on scoping, execution, and reporting.
The inclusion of a sample format for operational notes and examples from the author's professional experience makes the content insightful.
The guidance is relevant for both internal red teams and external service providers, catering to diverse professional needs.
Not-So-Salient Features
The interchangeable use of the terms "red teaming" and "penetration testing" can mislead readers, especially professionals who understand the critical differences between the two. Referring to them collectively as "offensive security engagements" throughout would have resolved this ambiguity.
Certain scenarios, such as assuming an organization undergoing a red team exercise lacks a vulnerability management program, seem disconnected from reality.
The tone, particularly in the initial chapters, leans heavily toward criticism, which may not resonate well with all readers.
The book contains some spelling and grammatical inconsistencies, which may distract readers at times. Addressing these issues in future editions would enhance the overall reading experience and professionalism of the content.
My rating: 3.5 / 5.0
Join my Cyber Security book club on Discord and share your views on this book (or any other security book of your choice).