The importance of Freedom of Movement when running Red Team exercises

Freedom of Movement is an important principle when running Red Team exercises. This allows Red Team members to move throughout the organization’s network and systems to carry out their mission. By having this freedom, Red Team members can better emulate an actual attacker and identify potential security vulnerabilities.

Tools and Techniques

When it comes to the Red Team, there should be no limits on the tools and techniques that they are allowed to employ. This is because the Red Team is there to help test the security of an organization and its systems.

By using different methods, the team can identify which techniques are most effective at penetrating an organization’s security. This can help to improve the team’s overall effectiveness and ensure that they are able to identify any potential vulnerabilities in an organization’s security.

Production Systems

Allowing the Red Team access to test actual production systems is vital to a successful security program. Red team members should be able to probe systems for vulnerabilities, attempt to exploit them, and see how well the security controls are actually working. This helps to identify any gaps in the security defenses and allows for the development of better countermeasures.

Testing Hours

The Red Team should be allowed to carry out attacks at any time and any day. They should be allowed to do so whenever they deem necessary. This will help keep the organization prepared for any possible attack.

Key Questions

When designing a Red Team engagement, ask yourself “What could be the most difficult scenario to run?”. For example:

  • What is the worst possible time to run the attack? Christmas Eve?
  • What are the worst ICT assets to target? What happens if we target ICT systems that cannot be temporarily shut down?
  • What happens if we disable key incident investigation and response tools?

This line of thinking will surely cause a great deal of discontent within the company. People will be rewarded for restricting the Red Team’s mobility. It may be tough to persuade senior management to undertake a demanding Red Team exercise in some firms. If that’s the case, it means the company isn’t prepared for a worst-case scenario cyber attack.

Conclusion

Without freedom of movement, the Red Team won’t be able to effectively test the organization’s defenses. Restricting the Red Team’s movements will only make it easier for the defenders to detect and stop them. In order to truly test the organization’s defenses, the Red Team needs to be able to move around freely.

Of course, there are some limits to what the Red Team can do. There are certain areas of the network that are off-limits, and the Red Team is not allowed to damage or abuse the systems they are attacking. But within these limits, the Red Team should be able to move around freely.

Looking to expand your knowledge of red teaming? Check out our online course, MRT - Certified Red Teamer. In this course, you’ll learn about the different aspects of red teaming and how to put them into practice.