top of page

Recommended Reading: Red Team Development And Operations by Joe Vest and James Tubberville



Recommended to me by multiple friends in the information security industry, Joe Vest and James Tubberville have produced a stellar piece of work in their book Red Team Development and Operations. It is very much required reading for anyone genuinely serious about not just getting into red teaming as a career path, but planning and leading those engagements. Upon connecting with Joe Vest, he was kind enough to send me a review copy of his book for me to review. Let's take a look!


 

What's In The Book?


Red Team Development and Operations: Zero-Day Edition, kindly sent to me by Joe after connecting with him is a remarkably thorough introduction to the practical aspects of planning, scoping and executing a red team operation. Despite its fairly wide scope and detail, this is a very accessible book for someone who is as of yet unfamiliar with the subject matter.


Structure wise, the book is laid out in five main sections, mirroring the stages of red teaming itself:


Introduction to Red Teaming:


Reading this section of the book was a welcome experience for me. I have friends that have engaged in or have been involved in red teaming work in the past but have not had the opportunity myself to do so. A lot of the processes involved in practically planning and executing a red team engagement were very mysterious to me.


Those expecting a treasure trove of super-elite hacking techniques to add to their arsenal from a man who's been there and done it for years will sadly leave disappointed from reading this book, but that is no fault of Joe and James. The book clearly explains at the outset that this book is not a technical resource, but a resource for scoping and planning these engagements.


For anyone who was confused about the specific differences between vulnerability assessments, penetration tests, and red team engagements, Joe and James clearly explain the contents and aims of each one in very accessible terms, and with real-world examples.


Engagement Planning:


This section of the book wastes no time in getting into the nitty-gritty of actually pulling off a red teaming engagement, and the book engages with the reader as if they were the consultant planning the engagement. Scoping, cost projections (pre- and post-engagement), rules of engagement, threat profiling, handling of data - the process is gone through in excellent detail, but is never excessive or designed to beat the reader over the head with how smart the author is.


It is just made very clear that this is necessary knowledge and are necessary steps in graduating from talking about red teaming (but actually just doing penetration testing) to doing red teaming properly. This marks a refreshing change in tone and in writing style from some articles on the subject that I have read in the past.


Engagement Execution:


It is here that I will restate the purpose of this book because if you pick up this book expecting a how-to on the actual craft of red teaming, explaining the toolsets and their usage like a reference book, you will leave disappointed.


You should not be disappointed in any way, however, because even though the book assumes a fair bit of knowledge (the book does not claim to be introductory in any way), there is a wealth of useful and actionable information to take away from this section of the book.


There is useful advice for configuring C2 (Command and Control) toolsets, which binaries should be used and when in the engagement to use them, minimizing callback volumes on your C2 toolset to avoid detection - this is all invaluable advice for people graduating to this level of security assessment. I won't give too much away here, the book is well worth checking out if you're at all interested.


Engagement Culmination:


In this section of the book. the immensely important work of sanitizing or "cleaning up after one's self" after the execution phase of a Red Team engagement is explained. Joe and James go through sanitization and clean-up procedures, pre-report briefings, etc. in enough detail that actionable information can be learned, but not enough to overwhelm.


There is also an excellent section on dealing with and defusing negative organisational feedback from the execution phase or other red teaming activity that is well worth reading.


Engagement Reporting:


This section of the book, it is important to point out once more, does not spoon-feed the reader how exactly to write a report after a red team engagement. It does give the reader a wealth of useful knowledge on how to incorporate risk matrices and attack narratives in a useful and actionable manner - but it does assume that you know the basics of security reporting.



How long is the book?


Red Team Development and Operations certainly will not weigh down your bookshelf massively, weighing in at 216 pages. However, the book is massively densely packed with useful information, so do not overlook this book based on its size.


How easy is it to read?


Whilst Red Team makes no claims to be an introductory manual to the trade, the book is surprisingly accessible and is not written with excessive or dense jargon. The book has a very even-handed tone, but it should be noted that the book does assume a fair bit of knowledge about security and the consultancy process.


How much does it cost?




The book is an absolute STEAL at the price of £15.36/$17.99 on Amazon, at the moment.




Overall Impression:


I highly recommend this book for anyone genuinely serious about pursuing this avenue of cybersecurity as a profession. Whilst it has a mysterious and attractive reputation, red teaming is fairly analogous to planning a small military-style operation, with real focus placed on personnel, people management skills, cost management and conflict resolution. These are skills that most "hackers" will not have sharpened, but will require if they want to succeed. This book is an excellent resource to help along the road.


209 views0 comments

Comentarios


bottom of page