Red Teaming: How to Think Like Your Adversary

Red Teaming: How to Think Like Your Adversary

( – The best way to protect yourself is to understand how your adversary thinks. Whether it’s your own body, your home, business or family, if you can get in your enemy’s head, you can create defenses that offer you protection from them. We do this all the time without thinking of it. When you know someone is a gossiper, you don’t share secrets with them. Money and valuables are put out of sight when a known thief is around. It’s just good common sense. But taken to another level, it can also keep you safe from more than just a bad reputation or loss of valuables.

Red Teaming and Pen Testing

One way to think like an adversary is to have someone else do it for you. Since you don’t normally think about ways to hit someone’s weak spot, an outsider’s point of view can be very beneficial… even more so if they are trained to do it.

Let’s start off with Red Teaming, sometimes referred to as “RT”. RT is an operation used to intentionally attack a corporation, government facility or other entity. The ones on the Red Team exploit weaknesses in security and protocol. Unlike an actual threat, they report what they did, how they did it, and what they recommend to fix it.

There is a similar procedure known as Penetrative Testing, or “Pen Testing”. This is different in the aspect that it targets certain areas at one given time, whereas a RT may use multiple weaknesses and formats to gain access to sensitive information. These are not only digital threats, though digital is becoming more and more popular. They can be physical threats as well, such as a fake cable guy coming to “check your connection”.

Security Development

The driving point behind RT is to think like the enemy. If you use a different perspective, you’ll find weak spots you didn’t know were there. Finding these areas can allow you to strengthen your security. Start with general weaknesses and follow their trail to the most refined points.

Let’s take a look at how you might do this when installing a security system, especially cameras. The goal is to get the best view, capturing as much as floor space as possible, but also accounting for the potential to disable the camera. When you think like the enemy, you consider things like how they might cut wires or spray the lense. Hence, you might go to a secure wireless network and a camouflaged camera.

But even a wireless system can be hacked, so you still have to be smart about securing it through your provider, with your passwords, and even designating whether it’s discoverable or not.

As bad as it sounds, there is a lot of “smart” technology in our homes: refrigerators, washers, dryers, thermostats — all of which can be hacked. These all are on the same network as your cellphone or computer, even your fancy wireless printer is a possible breach site. Keeping the gateway to your network secure is just the first step.

Did you know that a phone, USB drive, or even a CD can contain codes to break into your computer, even if it seems like harmless pictures, or music? They can carry “crumbs” that can open a backdoor into your software and in turn, your sensitive info. So, while you might start with something as simple as securing your router, you also need to follow that trail to these finer points.

Even direct communication can be dangerous. People come door to door, ask for your identity verification, and even call their supposed employer. It’s not hard to fake a utility company’s uniform, or a cable company’s. These are other potential ways for people to gain access to your home. In this case, you would start by installing a bar or chain lock on the door that allows you to partially open it. If you didn’t call for any sort of service, use the rule of never letting a stranger in your house. Remember, they will use all sorts of tactics, including pleas for help, posing as service people, and in some cases, even posing as police officers.

Make sure to question everyone and everything you don’t trust, it could save you, your family, and others from potential harm. As usual, we encourage you to practice all of these scenarios and more, so you aren’t caught off guard if the real thing should ever happen.

Copyright 2020,