The Red Team industry is very niche and frankly, there aren’t many simple Red Team frameworks. From a technical standpoint, and from a general capabilities standpoint, there are a few in depth guides but they all are fairly in depth, wordy and difficult to get the interesting bits from.
For the past several years, I have been documenting, taking notes and generally just considering how I think a good Red Team would operate. This ended up in a notebook with a bunch of jumbled thoughts.
This started with a traditional little maturity pyramid but eventually grew. As this progressed, it became apparent that Maturity Models are not dictators of success. There is so much more at play and those will depend on your organization, your leaders, and basically everything. The current state is a matrix and a companion post. This is sure to adapt and evolve with the Red Team industry.
“The more that you read, the more things you will know, the more that you learn, the more places you will go” - Dr. Seuss
I ended up with various Red Team resources, these include PDF’s, infographs, books and blog posts. I placed these in a different GH repo since they don’t fit into the Maturity Model.
Major thanks to a couple folks for providing feedback and a ton of suggestions on this, notably @thesubtlety.
If you want to contribute, please make a pull request or submit an issue at the github pages site.
You can contact me on Twitter or by email at admin(@)jordanpotti.com
This work is licensed under a Creative Commons Attribution 4.0 International License.