Jump to content

Talk:Red team/Archive 1

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
Archive 1

Proposed Changes

It's been two years without any traction, thought it may be worthwhile to jump in here before making a ton of changes.

  • Refocus article on actual red teaming; pair down military background
  • Define when organizations will actually benefit from a red team
  • Discuss differences between penetration testing, security assessments, tiger teams, etc
  • Cover impact of performing red team on immature organizations
  • Create a complimentary article on blue teaming

Any thoughts or oppositions? - Aghassemlouei (talk) 08:10, 12 March 2016 (UTC)

reference in real world

http://www.economist.com/news/international/21678236-lot-what-passes-security-airports-more-theatrical-real-no-more

Sucks

This article sucks. It starts out describing red teams as penetration testers and then without much segue dives into "red team" as it pertains to Army operations, testing and risk management. It looks like one guy wanted to start writing about penetration testing and then some Army asshole showed up and did a copy/paste from their field manual.

I agree; I just read the whole article and I still have no idea what it really means at a basic level Theguyi26 (talk) 22:07, 27 April 2012 (UTC)theguyi26

Agree. It's a mess. Titusmars (talk) 22:28, 23 January 2014 (UTC)

Academic Hours

Is it only 720? I thought it was 740 or 750. Probably not a big difference though either way.

Using Red Team concept in the Civilian World

Here is a link to a firm that uses the "red team" concept to create alternative strategies in the areas of workflow efficiency, document management, change management, and project implementation.

www.redteamadvisors.com —Preceding unsigned comment added by FlashG1 (talkcontribs) 16:39, 30 April 2008 (UTC)

Merge Discussion

I know the term Red Team from the civilian side of penetration testing, not just from a military perspective. Merging it with Red Cell and Tiger Team may lose this meaning. Suggest also starting an article or section for Blue Team, which is the defending team in penetration testing. —Preceding unsigned comment added by Pradameinhoff (talkcontribs) 13:42, 16 September 2010 (UTC)

Oppose merge Tiger Team with Red Team. A Tiger Team appears to be a generalized troubleshooting team, rather than an OPFOR-style Red Team. These are sufficiently different to warrant distinct articles.
*Septegram*Talk*Contributions* 05:21, 9 June 2011 (UTC)

Oppose merge Tiger Team with Red Team. I think Septegram has a valid point. LQ Ninja2 (talk) 14:34, 20 January 2013 (UTC)

Blue Team

There is no complementary article for Blue Team, there should be. The Blue Team article is for a more obscure use. 70.51.9.118 (talk) 06:12, 2 July 2008 (UTC)

The Blue Team link redirects to something unrelated. — Preceding unsigned comment added by 146.103.254.11 (talk) 13:54, 5 October 2017 (UTC)

Content

I think we need to add or seperate this into fields. ie, Military, Computer, Buisness LQ Ninja2 (talk) 14:31, 20 January 2013 (UTC)

Is this notion used in journalism?

In the tv series The Newsroom (several episodes in season 2) the concept of "red team" is mentioned as a matter of course, without much explanation. In real life newspapers or tv news shows, is the idea of having a red team to look for holes in a story

  • standard procedure?
  • considered a "good idea, if we only had the resources"?
  • irrelevant / unknown?

--The very model of a minor general (talk) 20:22, 26 September 2013 (UTC)

Hello fellow Wikipedians,

I have just added archive links to one external link on Red team. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—cyberbot IITalk to my owner:Online 14:24, 15 February 2016 (UTC)

Fresh Look -- delete the tags or delete the article

This article has been on the backlog three years with no substantial improvement. The section on the USMC was copied from somewhere. The public domain origin of the article is no longer available. I suggest two options: delete the article, or delete all the tags. An interminable discussion is doing no one any good. Rhadow (talk) 11:05, 11 August 2017 (UTC)

Hello fellow Wikipedians,

I have just modified 2 external links on Red team. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 04:33, 18 September 2017 (UTC)

Hello fellow Wikipedians,

I have just modified one external link on Red team. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 00:31, 13 January 2018 (UTC)

News Version

The version of a Red team used for news programs should be mentioned, or at least the fact that it is used in the second season of The Newsroom. See here for at least on source. --Elisfkc (talk) 13:52, 17 July 2018 (UTC)

Example:Fixed typos, added contents, links syntax to Oauth/user Zuradr (talk) 07:11, 30 September 2019 (UTC)

Example:Fixed typos, added contents, links syntax to Oauth/user Zuradr (talk) 07:11, 30 September 2019 (UTC)

Ambiguous language

"The U.S. Army then stood up a service-level Red Team, the Army Directed Studies Office, in 2004. This was the first service-level Red Team and until 2011 was the largest in the Department of Defense (DoD)." "stood up"? this colloquialism is ambiguous and misleading. I'd suggest a change if I knew what it meant in this context.

Prior content in this article duplicated one or more previously published sources. The material was copied from: infysec.com/services/redteam-testing. Copied or closely paraphrased material has been rewritten or removed and must not be restored, unless it is duly released under a compatible license. (For more information, please see "using copyrighted works from others" if you are not the copyright holder of this material, or "donating copyrighted materials" if you are.)

For legal reasons, we cannot accept copyrighted text or images borrowed from other web sites or published material; such additions will be deleted. Contributors may use copyrighted publications as a source of information, and, if allowed under fair use, may copy sentences and phrases, provided they are included in quotation marks and referenced properly. The material may also be rewritten, providing it does not infringe on the copyright of the original or plagiarize from that source. Therefore, such paraphrased portions must provide their source. Please see our guideline on non-free text for how to properly implement limited quotations of copyrighted text. Wikipedia takes copyright violations very seriously, and persistent violators will be blocked from editing. While we appreciate contributions, we must require all contributors to understand and comply with these policies. Thank you. LampGenie01 (talk) 18:46, 14 December 2019 (UTC)

Since this is still open at Wikipedia:Copyright_problems/2019_December_14, a few notes for posterity:
  • [1] displays a few sentences that were cut from the article in 2019. It looks like those were both copied from here, rather than the other way around. You can see the sentences have been in the article for a long time, have had their wording change slowly over time, and then appeared at that website in their 2018 form.
  • If I run Earwigs now, I also get a hit to [2] which also appears to be backwardscopied from Wikipedia. Same thing: the section copied there was slowly built over years here, then appears to have been imported en masse there in 2018.
If anyone has further concerns about the article's copyright status, feel free to re-post it at WP:CP. Otherwise I'll close the 2019 report as resolved with no revdel necessary. Thanks! Ajpolino (talk) 21:45, 8 October 2020 (UTC)

Issues with lead clarity

I recently arrived here from a link in a cybersecurity article. After reading the lead, I was not able to get a good idea of what a red team is. The current first sentence, A red team is a group that helps organizations to improve themselves by providing opposition to the point of view of the organization that they are helping. is not very clear.

"improve themselves by providing opposition to the point of view of the organization that they are helping" is not succinct. Improve themselves how? Oppose how? "Opposition to the point of view", what is opposition?

Instead of trying to fix this sentence, and risk messing up the definition of red team for other organizations, I tried to fix the cybersecurity definition by adding the cybersecurity definition to the lead. But it recently got removed from the lead.

So I'd like to suggest that we need to fix the root issue of the wording of the first sentence. Thoughts? –Novem Linguae (talk) 01:42, 22 December 2020 (UTC)

@User:Novem_Linguae The first sentence is very unclear. Maybe "opposition" means "blue team" - who knows? The second sentence says about overcoming "cultural bias", which is misleading because it has very little to do with cybersecurity. So IMO, the first two sentences should be changed. Anyway, we need a good source. What do you think about this one? 85.193.228.103 (talk) 12:12, 22 December 2020 (UTC)
Thanks for looking into sources. I did a quick check, looks like not a lot of our official reliable sources (listed at WP:RSP) cover this topic. However, I found a "magazine", which is probably more reliable than blogs. What do you think of this one? Security Magazine. They also talk about red teams and pen tests being a different concept, and explain the differences, so that's good. –Novem Linguae (talk) 15:14, 22 December 2020 (UTC)
It looks like a very good article from a reliable source, the more so because the source was used in Wikipedia (15 times so far). But the source mentioned by me contains ready-made definitions (which should be rephrased a bit, of course). Do you consider it a blog? Both websites make money by selling something indirectly or by being affiliated with third parties. It is always about money :-) But yes - "your" website looks more suitable as a source, though it needs more creativity from us as editors. 85.193.228.103 (talk) 17:13, 22 December 2020 (UTC)
I took another look at your website. Looks like it's lower quality than a blog. It's a sales page for a company. I mean, you can use ideas from that page if you think they're correct. But from a Wikipedia policy perspective, I think that source would be considered an unreliable source. WP:RS. But that aside, if you want to take a stab at re-writing the lead, go for it. Other editors can always jump in and improve whatever we change it to. –Novem Linguae (talk) 17:55, 22 December 2020 (UTC)
My website contains essential information, easy to understand for laymen, while the article in your magazine does not even explain what a "red team" means. It also uses a jargon word "pentest". My first connotation was "pen + test", which did not make any sense. I think that our article is for laymen and should be clear and readable. Professionals will find a better and probably highly specialized source of information. Maybe you know much more about cybersecurity than me. If so, then feel free to use your expertize. Computer Science is a huge field of knowledge. It is hard to be good at everything. For example I am good in Python but I don't know much about C/C++. Some claim to know five programming languages. But it often means that they can write only a 30 line script that draws circles on a screen. Sometimes each circle has different color and size, in case of an advanced programmer ;-) 85.193.228.103 (talk) 20:00, 22 December 2020 (UTC)
Nope, no cybersecurity for me. Cybersecurity is a sub-field of sysadmin. Programming and sysadmin are different.
Pentest isn't that jargon-y. It has a wikipedia article at pentest.
Anyway, I'm just letting you know the policy. But like I said, I think you should go re-write the lead using your source anyway. Others can always "upgrade" the sources later. –Novem Linguae (talk) 20:09, 22 December 2020 (UTC)
Hmm. Redirecting from a jargon word is no criterion. Jargon is "words or expressions that are used by a particular profession or group of people, and are difficult for others to understand", which perfectly matches our word. Even "firewall" and "cache" are classified as jargon. Besides, try this. Note that this dictionary contains even very rare words.
But back to the topic. According to our article "red team" is a generic term that refers to various fields, and cybersecurity is only one of them. So I will not take the risk of being reverted. 85.193.228.103 (talk) 21:31, 22 December 2020 (UTC)

Feedback

Don't have the energy to do a full review, but I though I may place some feedback here while you're waiting for somebody to pick it up. In general, pretty impressive!

  • Difficult to avoid all the jargon, but I didn't understand "Credential hunting", "tabletop exercises",
  • In places the article has elements of a 'how-to' style. A search for "should" should help identify a few instances. It may be better to omit or reword sentences like "This should be taken into account, and red team member's machines secured". I think a sentence like "Data can sometimes be exported from tools and then inserted into the graph database." may be similarly too "how-to", and a bit on the vague side anyway.
  • There is a bit of a bias towards the US. Does this reflect the wider literature? I can imagine literature on this may be published outside of academia, and therefore not in English..
  • also newer attack vectors such as cryptocurrency mining -> I don't understand how this can be an attack vector.

—Femke 🐦 (talk) 20:29, 24 May 2023 (UTC)

GA Review

The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.


This review is transcluded from Talk:Red team/GA1. The edit link for this section can be used to add comments to the review.

Reviewer: FormalDude (talk · contribs) 10:01, 28 May 2023 (UTC)

GA review (see here for what the criteria are, and here for what they are not)

  1. It is reasonably well written.
    a. (prose, spelling, and grammar):
    All good.
    b. (MoS for lead, layout, word choice, fiction, and lists):
    MOS compliant.
  2. It is factually accurate and verifiable.
    a. (reference section):
    Passes spot checks.
    b. (citations to reliable sources):
    All in-line citations are from reliable sources.
    c. (OR):
    Passes spot checks.
    d. (copyvio and plagiarism):
    Found no copied or closely paraphrased text in the article.
  3. It is broad in its coverage.
    a. (major aspects):
    Addresses the main aspects of the topic.
    b. (focused):
  4. It follows the neutral point of view policy.
    Fair representation without bias:
    No NPOV concerns.
  5. It is stable.
    No edit wars, etc.:
    Do not see any changing significantly from day to day because of an ongoing edit war or content dispute.
  6. It is illustrated by images and other media, where possible and appropriate.
    a. (images are tagged and non-free content have non-free use rationales):
    One copyvio found, since removed.
    b. (appropriate use with suitable captions):
    Appropriate and relevant.
  7. Overall:
    Pass/fail:  Pass
    Meets all 6 criteria, happy to pass. Thanks for your work Novem Linguae! ––FormalDude (talk) 14:55, 2 June 2023 (UTC)

(Criteria marked are unassessed)

Comments

Starting the review soon. I will make comments here and update the progress above as we go. ––FormalDude (talk) 10:01, 28 May 2023 (UTC)

  • Change who are responsible for defending networks and computers at an organization against attack → who are responsible for defending an organization's networks and computers at against attack  Fixed
  • Not sure if the "types" section heading is needed.  Fixed
  • wikilink digital security to Computer security  Fixed
  • In fact, a role of the red team is to increase the skills of the blue team – Remove "In fact"  Fixed
  • Red teams will typically have very good graph databases of their own organization – Replace "typically" with "usually" or a similar synonym to avoid repetition from the previous sentence.  Fixed
  • I am of the opinion there are too many images of 9/11 in Wikipedia articles that only tangentially relate to the event.  Fixed
  • Remove File:Medium Rucksack.jpg as a copyvio.
  • It can sometimes be worthwhile to engage in "active defense" – why?  Fixed
  • Unlike cybersecurity, which typically has many layers of security – reword to remove starting sentences consecutively with "Unlike cybersecurity"  Fixed
  • A single vehicle rather than a convoy of vehicles, and a vehicle with exterior lights turned off, is less conspicuous. The use of red lights, for example red flashlights, can help reduce the visibility of lights. – missing inline citation and is a bit too close to WP:NOTHOWTO.  Fixed
  • Red teaming is sometimes utilized by organizations outside the United States – Only sometimes? Is it not common outside the U.S.?
  • Overall seems to lack representation of a worldwide view of the subject. I'd like to see more countries covered if at all possible.
    • To address these two bullets, I added information about the TIBER-EU framework, Israel's Ipcha Mistabra, and NATO. Please let me know if more non-United States examples are needed. –Novem Linguae (talk) 10:38, 2 June 2023 (UTC)
  • For example, command-line interface (CLI) – duplicate wl and second appearance so it can use just the abbreviation.  Fixed
  • tactics, techniques, and procedures (TTPs) will be used – duplicate wl and second appearance so it can use just the abbreviation.  Fixed
  • The United States Department of Defense (DoD) – duplicate wl and second appearance so it can use just the abbreviation.  Fixed
  • Remove the following duplicate wikilinks: groupthink, board game, September 11 attacks, Central Intelligence Agency, Red Cell, United States Army, blue team, social engineering, Bluetooth, Transportation Security Administration, OPFOR.  Fixed
The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

A Commons file used on this page or its Wikidata item has been nominated for speedy deletion

The following Wikimedia Commons file used on this page or its Wikidata item has been nominated for speedy deletion:

You can see the reason for deletion at the file description page linked above. —Community Tech bot (talk) 14:53, 29 May 2023 (UTC)