Yaksas CSC

Book Review: Red Team Development and Operations by Joe Vest and James Tubberville

Uday Mittal February 24, 2021

I recently picked up this book, Red Team Development and Operations by Joe Vest and James Tubberville, while searching for material to read on Red Teaming. While this is not the only book on the subject, I was intrigued by the ‘Zero-Day Edition’ (along with this content, of course). Also, it was published recently (at the time of writing), in January 2020.

Content Overview

The authors have designed this book to be a ‘practical guide’. This means that the concepts and tips from this book can be directly applied to real-world red team engagements. The content is organized to align with various phases of a red team engagement.

There are six sections in this book:

  • Introduction – This section establishes the context for the rest of the book. It describes basics such as threats, vulnerability assessments, penetration testing, red teaming, red team goals, red team organization etc. It also lists out differences between a vulnerability assessment, a penetration test and a red team engagement.
  • Engagement Planning – As the name suggests, this section describes the planning phase in detail. The authors cover various areas, such as scoping, team size, costs, roles and responsibilities, rules of engagement, scenario models, execution phases etc., that go into planning a red team engagement. There’s a lot of information packed in this chapter as the authors believe planning is the most important phase of an engagement.
  • Engagement Execution – This section covers the execution phase of a red team engagement. The authors’ focus in this section is on data collection, activity and operator logs, understanding and implementing an adversary’s TTPs, command and control center etc.
  • Engagement Culmination – This section describes activities that should be performed after the execution phase. These include verifying operator logs, removing any sensitive artifacts, executive and technical briefings.
  • Engagement Reporting – Finally, the authors describe how an engagement report should be prepared. What should be included and what not. The authors emphasize that a red team engagement report should be a chronological story-driven report.
  • Summary and Conclusion – This section contains the closing remarks from the authors and a summary of earlier chapters.

Salient features

Here are a few things I liked about this book:

  • I got to learn some new red teaming concepts such as C2 tiers, C2 re-directors, domain fronting, de-confliction, two person integrity etc.
  • It is written in a simple and easy to understand manner.
  • Authors have included some interesting puzzles (thought exercises) at the end of the book.
  • The companion website provides a lot of ready-to-use material.
  • Provides a good starting point for understanding and conducting a red team engagement.
  • It is good for penetration testers, new red teamers, information security managers and executives of organizations opting for a red team engagement.

Not so salient features

Here are a few things I did not like about this book:

  • There are too many things covered for a book of this length and size.
  • It gets repetitive at certain points, to the extent that the same text is copy-pasted in multiple sub-sections.
  • It just dips into technical aspects of red teaming, there’s no deep-dive.
  • I found the content organization to be a bit haphazard.

My rating 3.0 / 5.0

Other book reviews

  • Container Security by Liz Rice
  • Web Application Security by Andrew Hoffman

Uday Mittal

Uday Mittal is a cybersecurity professional with rich experience working with various industries including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM, CRISC among others. He speaks on cybersecurity awareness, offensive security research etc. and has authored various articles on topics related to cyber security and software development for a leading magazine on open source software.

Filed Under: Book Reviews, Good Reads, Non-Fiction Tagged With: Cybersecurity books, red teaming
