Book Review: Red Team Development and Operations by Joe Vest and James Tubberville
Review of the book Red Team Development and Operations by Joe Vest and James Tubberville. Published in January 2020.
I recently picked up this book, Red Team Development and Operations by Joe Vest and James Tubberville, while searching for material to read on Red Teaming. While this is not the only book on the subject, I was intrigued by the 'Zero-Day Edition' (along with this content, of course). Also, it was published recently (at the time of writing), in January 2020.
Content Overview
The authors have designed this book to be a 'practical guide'. This means that the concepts and tips from this book can be directly applied to real-world red team engagements. The content is organized to align with various phases of a red team engagement.
There are six sections in this book:
Introduction - This section establishes the context for rest of the book. It describes basics such as threats, vulnerability assessments, penetration testing, red teaming, red team goals, red team organization etc. It also lists out differences between a vulnerability assessment, a penetration test and a red team engagement.
Engagement Planning - As the name suggests, this section describes the planning phase in detail. The authors cover various areas, such as scoping, team size, costs, roles and responsibilities, rules of engagement, scenario models, execution phases etc., that go into planning a red team engagement. There's a lot of information packed in this chapter as the authors believe planning is the most important phase of an engagement.
Engagement Execution - This section covers the execution phase of a red team engagement. Authors' focus in this section is on data collection, activity and operator logs, understanding and implementing an adversary's TTPs, command and control center etc.
Engagement Culmination - This section describes activities that should be performed after the execution phase. These include verifying operator logs, removing any sensitive artifacts, executive and technical briefings.
Engagement Reporting - Finally, the authors describe how an engagement report should be prepared. What should be included and what not. The authors emphasize that a red team engagement report should be a chronological story-driven report.
Summary and Conclusion - This section contains the closing remarks from the authors and a summary of earlier chapters.
Salient features
Here are a few things I liked about this book:
I got to learn some new red teaming concepts such as C2 tiers, C2 re-directors, domain fronting, de-confliction, two person integrity etc.
It is written in a simple and easy to understand manner.
Authors have included some interesting puzzles (thought exercises) at the end of the book.
The companion website provides a lot of ready-to-use material.
Provides a good starting point for understanding and conducting a red team engagement.
It is good for penetration testers, new red teamers, information security managers and executives of organizations opting for a red team engagement.
Not so salient features
Here are a few things I did not like about this book:
There are too many things covered for a book of this length and size.
It gets repetitive at certain points, to the extent that same text is copy-pasted in multiple sub-sections.
It just dips into technical aspects of red teaming, there's no deep-dive.
I found the content organization to be a bit haphazard.
My rating 3.6 / 5.0
Join our book club on Discord and share your views on this book (or any other security book of your choice).