Talk:Red team/Archive 1
This is an archive of past discussions about Red team. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page. |
Archive 1 |
Proposed Changes
It's been two years without any traction, thought it may be worthwhile to jump in here before making a ton of changes.
- Refocus article on actual red teaming; pair down military background
- Define when organizations will actually benefit from a red team
- Discuss differences between penetration testing, security assessments, tiger teams, etc
- Cover impact of performing red team on immature organizations
- Create a complimentary article on blue teaming
Any thoughts or oppositions? - Aghassemlouei (talk) 08:10, 12 March 2016 (UTC)
reference in real world
Sucks
This article sucks. It starts out describing red teams as penetration testers and then without much segue dives into "red team" as it pertains to Army operations, testing and risk management. It looks like one guy wanted to start writing about penetration testing and then some Army asshole showed up and did a copy/paste from their field manual.
I agree; I just read the whole article and I still have no idea what it really means at a basic level Theguyi26 (talk) 22:07, 27 April 2012 (UTC)theguyi26
Agree. It's a mess. Titusmars (talk) 22:28, 23 January 2014 (UTC)
Academic Hours
Is it only 720? I thought it was 740 or 750. Probably not a big difference though either way.
Using Red Team concept in the Civilian World
Here is a link to a firm that uses the "red team" concept to create alternative strategies in the areas of workflow efficiency, document management, change management, and project implementation.
www.redteamadvisors.com —Preceding unsigned comment added by FlashG1 (talk • contribs) 16:39, 30 April 2008 (UTC)
Merge Discussion
I know the term Red Team from the civilian side of penetration testing, not just from a military perspective. Merging it with Red Cell and Tiger Team may lose this meaning. Suggest also starting an article or section for Blue Team, which is the defending team in penetration testing. —Preceding unsigned comment added by Pradameinhoff (talk • contribs) 13:42, 16 September 2010 (UTC)
Oppose merge Tiger Team with Red Team. A Tiger Team appears to be a generalized troubleshooting team, rather than an OPFOR-style Red Team. These are sufficiently different to warrant distinct articles.
*Septegram*Talk*Contributions* 05:21, 9 June 2011 (UTC)
Oppose merge Tiger Team with Red Team. I think Septegram has a valid point. LQ Ninja2 (talk) 14:34, 20 January 2013 (UTC)
Blue Team
There is no complementary article for Blue Team, there should be. The Blue Team article is for a more obscure use. 70.51.9.118 (talk) 06:12, 2 July 2008 (UTC)
The Blue Team link redirects to something unrelated. — Preceding unsigned comment added by 146.103.254.11 (talk) 13:54, 5 October 2017 (UTC)
Content
I think we need to add or seperate this into fields. ie, Military, Computer, Buisness LQ Ninja2 (talk) 14:31, 20 January 2013 (UTC)
Is this notion used in journalism?
In the tv series The Newsroom (several episodes in season 2) the concept of "red team" is mentioned as a matter of course, without much explanation. In real life newspapers or tv news shows, is the idea of having a red team to look for holes in a story
- standard procedure?
- considered a "good idea, if we only had the resources"?
- irrelevant / unknown?
--The very model of a minor general (talk) 20:22, 26 September 2013 (UTC)
External links modified
Hello fellow Wikipedians,
I have just added archive links to one external link on Red team. Please take a moment to review my edit. If necessary, add {{cbignore}}
after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}}
to keep me off the page altogether. I made the following changes:
- Added archive https://web.archive.org/20090419081417/http://www.acq.osd.mil:80/dsb/reports/redteam.pdf to http://www.acq.osd.mil/dsb/reports/redteam.pdf/
When you have finished reviewing my changes, please set the checked parameter below to true to let others know.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}}
(last update: 5 June 2024).
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—cyberbot IITalk to my owner:Online 14:24, 15 February 2016 (UTC)
Fresh Look -- delete the tags or delete the article
This article has been on the backlog three years with no substantial improvement. The section on the USMC was copied from somewhere. The public domain origin of the article is no longer available. I suggest two options: delete the article, or delete all the tags. An interminable discussion is doing no one any good. Rhadow (talk) 11:05, 11 August 2017 (UTC)
External links modified
Hello fellow Wikipedians,
I have just modified 2 external links on Red team. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
- Added archive https://web.archive.org/web/20130302035720/http://slashdot.org/topic/bi/thinking-like-an-attacker-how-red-teams-hack-your-site-to-save-it/ to http://slashdot.org/topic/bi/thinking-like-an-attacker-how-red-teams-hack-your-site-to-save-it/
- Added archive https://web.archive.org/web/20110617105841/http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm to http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}}
(last update: 5 June 2024).
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—InternetArchiveBot (Report bug) 04:33, 18 September 2017 (UTC)
External links modified
Hello fellow Wikipedians,
I have just modified one external link on Red team. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
- Added archive https://web.archive.org/web/20161201105622/http://www.dtic.mil/cjcs_directives/cdata/unlimit/m651003.pdf to http://www.dtic.mil/cjcs_directives/cdata/unlimit/m651003.pdf
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}}
(last update: 5 June 2024).
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—InternetArchiveBot (Report bug) 00:31, 13 January 2018 (UTC)
News Version
The version of a Red team used for news programs should be mentioned, or at least the fact that it is used in the second season of The Newsroom. See here for at least on source. --Elisfkc (talk) 13:52, 17 July 2018 (UTC)
Example:Fixed typos, added contents, links syntax to Oauth/user Zuradr (talk) 07:11, 30 September 2019 (UTC)
Example:Fixed typos, added contents, links syntax to Oauth/user Zuradr (talk) 07:11, 30 September 2019 (UTC)
Ambiguous language
"The U.S. Army then stood up a service-level Red Team, the Army Directed Studies Office, in 2004. This was the first service-level Red Team and until 2011 was the largest in the Department of Defense (DoD)." "stood up"? this colloquialism is ambiguous and misleading. I'd suggest a change if I knew what it meant in this context.
Copyright problem removed
Prior content in this article duplicated one or more previously published sources. The material was copied from: infysec.com/services/redteam-testing. Copied or closely paraphrased material has been rewritten or removed and must not be restored, unless it is duly released under a compatible license. (For more information, please see "using copyrighted works from others" if you are not the copyright holder of this material, or "donating copyrighted materials" if you are.)
For legal reasons, we cannot accept copyrighted text or images borrowed from other web sites or published material; such additions will be deleted. Contributors may use copyrighted publications as a source of information, and, if allowed under fair use, may copy sentences and phrases, provided they are included in quotation marks and referenced properly. The material may also be rewritten, providing it does not infringe on the copyright of the original or plagiarize from that source. Therefore, such paraphrased portions must provide their source. Please see our guideline on non-free text for how to properly implement limited quotations of copyrighted text. Wikipedia takes copyright violations very seriously, and persistent violators will be blocked from editing. While we appreciate contributions, we must require all contributors to understand and comply with these policies. Thank you. LampGenie01 (talk) 18:46, 14 December 2019 (UTC)
- Since this is still open at Wikipedia:Copyright_problems/2019_December_14, a few notes for posterity:
- [1] displays a few sentences that were cut from the article in 2019. It looks like those were both copied from here, rather than the other way around. You can see the sentences have been in the article for a long time, have had their wording change slowly over time, and then appeared at that website in their 2018 form.
- If I run Earwigs now, I also get a hit to [2] which also appears to be backwardscopied from Wikipedia. Same thing: the section copied there was slowly built over years here, then appears to have been imported en masse there in 2018.
- If anyone has further concerns about the article's copyright status, feel free to re-post it at WP:CP. Otherwise I'll close the 2019 report as resolved with no revdel necessary. Thanks! Ajpolino (talk) 21:45, 8 October 2020 (UTC)
Issues with lead clarity
I recently arrived here from a link in a cybersecurity article. After reading the lead, I was not able to get a good idea of what a red team is. The current first sentence, A red team is a group that helps organizations to improve themselves by providing opposition to the point of view of the organization that they are helping.
is not very clear.
"improve themselves by providing opposition to the point of view of the organization that they are helping" is not succinct. Improve themselves how? Oppose how? "Opposition to the point of view", what is opposition?
Instead of trying to fix this sentence, and risk messing up the definition of red team for other organizations, I tried to fix the cybersecurity definition by adding the cybersecurity definition to the lead. But it recently got removed from the lead.
So I'd like to suggest that we need to fix the root issue of the wording of the first sentence. Thoughts? –Novem Linguae (talk) 01:42, 22 December 2020 (UTC)
- @User:Novem_Linguae The first sentence is very unclear. Maybe "opposition" means "blue team" - who knows? The second sentence says about overcoming "cultural bias", which is misleading because it has very little to do with cybersecurity. So IMO, the first two sentences should be changed. Anyway, we need a good source. What do you think about this one? 85.193.228.103 (talk) 12:12, 22 December 2020 (UTC)
- Thanks for looking into sources. I did a quick check, looks like not a lot of our official reliable sources (listed at WP:RSP) cover this topic. However, I found a "magazine", which is probably more reliable than blogs. What do you think of this one? Security Magazine. They also talk about red teams and pen tests being a different concept, and explain the differences, so that's good. –Novem Linguae (talk) 15:14, 22 December 2020 (UTC)
- It looks like a very good article from a reliable source, the more so because the source was used in Wikipedia (15 times so far). But the source mentioned by me contains ready-made definitions (which should be rephrased a bit, of course). Do you consider it a blog? Both websites make money by selling something indirectly or by being affiliated with third parties. It is always about money :-) But yes - "your" website looks more suitable as a source, though it needs more creativity from us as editors. 85.193.228.103 (talk) 17:13, 22 December 2020 (UTC)
- I took another look at your website. Looks like it's lower quality than a blog. It's a sales page for a company. I mean, you can use ideas from that page if you think they're correct. But from a Wikipedia policy perspective, I think that source would be considered an unreliable source. WP:RS. But that aside, if you want to take a stab at re-writing the lead, go for it. Other editors can always jump in and improve whatever we change it to. –Novem Linguae (talk) 17:55, 22 December 2020 (UTC)
- My website contains essential information, easy to understand for laymen, while the article in your magazine does not even explain what a "red team" means. It also uses a jargon word "pentest". My first connotation was "pen + test", which did not make any sense. I think that our article is for laymen and should be clear and readable. Professionals will find a better and probably highly specialized source of information. Maybe you know much more about cybersecurity than me. If so, then feel free to use your expertize. Computer Science is a huge field of knowledge. It is hard to be good at everything. For example I am good in Python but I don't know much about C/C++. Some claim to know five programming languages. But it often means that they can write only a 30 line script that draws circles on a screen. Sometimes each circle has different color and size, in case of an advanced programmer ;-) 85.193.228.103 (talk) 20:00, 22 December 2020 (UTC)
- Nope, no cybersecurity for me. Cybersecurity is a sub-field of sysadmin. Programming and sysadmin are different.
- Pentest isn't that jargon-y. It has a wikipedia article at pentest.
- Anyway, I'm just letting you know the policy. But like I said, I think you should go re-write the lead using your source anyway. Others can always "upgrade" the sources later. –Novem Linguae (talk) 20:09, 22 December 2020 (UTC)
- Hmm. Redirecting from a jargon word is no criterion. Jargon is "words or expressions that are used by a particular profession or group of people, and are difficult for others to understand", which perfectly matches our word. Even "firewall" and "cache" are classified as jargon. Besides, try this. Note that this dictionary contains even very rare words.
- But back to the topic. According to our article "red team" is a generic term that refers to various fields, and cybersecurity is only one of them. So I will not take the risk of being reverted. 85.193.228.103 (talk) 21:31, 22 December 2020 (UTC)
- My website contains essential information, easy to understand for laymen, while the article in your magazine does not even explain what a "red team" means. It also uses a jargon word "pentest". My first connotation was "pen + test", which did not make any sense. I think that our article is for laymen and should be clear and readable. Professionals will find a better and probably highly specialized source of information. Maybe you know much more about cybersecurity than me. If so, then feel free to use your expertize. Computer Science is a huge field of knowledge. It is hard to be good at everything. For example I am good in Python but I don't know much about C/C++. Some claim to know five programming languages. But it often means that they can write only a 30 line script that draws circles on a screen. Sometimes each circle has different color and size, in case of an advanced programmer ;-) 85.193.228.103 (talk) 20:00, 22 December 2020 (UTC)
- I took another look at your website. Looks like it's lower quality than a blog. It's a sales page for a company. I mean, you can use ideas from that page if you think they're correct. But from a Wikipedia policy perspective, I think that source would be considered an unreliable source. WP:RS. But that aside, if you want to take a stab at re-writing the lead, go for it. Other editors can always jump in and improve whatever we change it to. –Novem Linguae (talk) 17:55, 22 December 2020 (UTC)
- It looks like a very good article from a reliable source, the more so because the source was used in Wikipedia (15 times so far). But the source mentioned by me contains ready-made definitions (which should be rephrased a bit, of course). Do you consider it a blog? Both websites make money by selling something indirectly or by being affiliated with third parties. It is always about money :-) But yes - "your" website looks more suitable as a source, though it needs more creativity from us as editors. 85.193.228.103 (talk) 17:13, 22 December 2020 (UTC)
- Thanks for looking into sources. I did a quick check, looks like not a lot of our official reliable sources (listed at WP:RSP) cover this topic. However, I found a "magazine", which is probably more reliable than blogs. What do you think of this one? Security Magazine. They also talk about red teams and pen tests being a different concept, and explain the differences, so that's good. –Novem Linguae (talk) 15:14, 22 December 2020 (UTC)
- @User:Novem_Linguae The first sentence is very unclear. Maybe "opposition" means "blue team" - who knows? The second sentence says about overcoming "cultural bias", which is misleading because it has very little to do with cybersecurity. So IMO, the first two sentences should be changed. Anyway, we need a good source. What do you think about this one? 85.193.228.103 (talk) 12:12, 22 December 2020 (UTC)
Feedback
Don't have the energy to do a full review, but I though I may place some feedback here while you're waiting for somebody to pick it up. In general, pretty impressive!
- Difficult to avoid all the jargon, but I didn't understand "Credential hunting", "tabletop exercises",
- Fixed –Novem Linguae (talk) 11:47, 28 May 2023 (UTC)
- In places the article has elements of a 'how-to' style. A search for "should" should help identify a few instances. It may be better to omit or reword sentences like "This should be taken into account, and red team member's machines secured". I think a sentence like "Data can sometimes be exported from tools and then inserted into the graph database." may be similarly too "how-to", and a bit on the vague side anyway.
- Fixed –Novem Linguae (talk) 11:47, 28 May 2023 (UTC)
- There is a bit of a bias towards the US. Does this reflect the wider literature? I can imagine literature on this may be published outside of academia, and therefore not in English..
- You could also tackle this by being stricter in the summary style: I'm not sure we need the "In the summer of 2015.. " paragraph
- Fixed what I could easily fix. Trimmed a bunch of WP:UNDUE. –Novem Linguae (talk) 11:47, 28 May 2023 (UTC)
- also newer attack vectors such as cryptocurrency mining -> I don't understand how this can be an attack vector.
- Fixed –Novem Linguae (talk) 11:47, 28 May 2023 (UTC)
—Femke 🐦 (talk) 20:29, 24 May 2023 (UTC)
GA Review
The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.
GA toolbox |
---|
Reviewing |
- This review is transcluded from Talk:Red team/GA1. The edit link for this section can be used to add comments to the review.
Reviewer: FormalDude (talk · contribs) 10:01, 28 May 2023 (UTC)
GA review (see here for what the criteria are, and here for what they are not)
- It is reasonably well written.
- It is factually accurate and verifiable.
- a. (reference section):
- Passes spot checks.
- b. (citations to reliable sources):
- All in-line citations are from reliable sources.
- c. (OR):
- Passes spot checks.
- d. (copyvio and plagiarism):
- Found no copied or closely paraphrased text in the article.
- a. (reference section):
- It is broad in its coverage.
- a. (major aspects):
- Addresses the main aspects of the topic.
- b. (focused):
- a. (major aspects):
- It follows the neutral point of view policy.
- Fair representation without bias:
- No NPOV concerns.
- Fair representation without bias:
- It is stable.
- No edit wars, etc.:
- Do not see any changing significantly from day to day because of an ongoing edit war or content dispute.
- No edit wars, etc.:
- It is illustrated by images and other media, where possible and appropriate.
- a. (images are tagged and non-free content have non-free use rationales):
- One copyvio found, since removed.
- b. (appropriate use with suitable captions):
- Appropriate and relevant.
- a. (images are tagged and non-free content have non-free use rationales):
- Overall:
- Pass/fail: ✓ Pass
- Meets all 6 criteria, happy to pass. Thanks for your work Novem Linguae! ––FormalDude (talk) 14:55, 2 June 2023 (UTC)
- Pass/fail: ✓ Pass
(Criteria marked are unassessed)
Comments
Starting the review soon. I will make comments here and update the progress above as we go. ––FormalDude (talk) 10:01, 28 May 2023 (UTC)
- Change
who are responsible for defending networks and computers at an organization against attack
→ who are responsible for defending an organization's networks and computers at against attack Fixed - Not sure if the "types" section heading is needed. Fixed
- wikilink
digital security
to Computer security Fixed In fact, a role of the red team is to increase the skills of the blue team
– Remove "In fact" FixedRed teams will typically have very good graph databases of their own organization
– Replace "typically" with "usually" or a similar synonym to avoid repetition from the previous sentence. Fixed- I am of the opinion there are too many images of 9/11 in Wikipedia articles that only tangentially relate to the event. Fixed
- Remove File:Medium Rucksack.jpg as a copyvio.
- Fixed. Sorry about that. The image had been on Commons for over a decade and was also verified by Flicker Bot, so I assumed it was okay. –Novem Linguae (talk) 10:59, 2 June 2023 (UTC)
It can sometimes be worthwhile to engage in "active defense"
– why? FixedUnlike cybersecurity, which typically has many layers of security
– reword to remove starting sentences consecutively with "Unlike cybersecurity" FixedA single vehicle rather than a convoy of vehicles, and a vehicle with exterior lights turned off, is less conspicuous. The use of red lights, for example red flashlights, can help reduce the visibility of lights.
– missing inline citation and is a bit too close to WP:NOTHOWTO. FixedRed teaming is sometimes utilized by organizations outside the United States
– Only sometimes? Is it not common outside the U.S.?- Overall seems to lack representation of a worldwide view of the subject. I'd like to see more countries covered if at all possible.
- To address these two bullets, I added information about the TIBER-EU framework, Israel's Ipcha Mistabra, and NATO. Please let me know if more non-United States examples are needed. –Novem Linguae (talk) 10:38, 2 June 2023 (UTC)
For example, command-line interface (CLI)
– duplicate wl and second appearance so it can use just the abbreviation. Fixedtactics, techniques, and procedures (TTPs) will be used
– duplicate wl and second appearance so it can use just the abbreviation. FixedThe United States Department of Defense (DoD)
– duplicate wl and second appearance so it can use just the abbreviation. Fixed- Remove the following duplicate wikilinks: groupthink, board game, September 11 attacks, Central Intelligence Agency, Red Cell, United States Army, blue team, social engineering, Bluetooth, Transportation Security Administration, OPFOR. Fixed
A Commons file used on this page or its Wikidata item has been nominated for speedy deletion
The following Wikimedia Commons file used on this page or its Wikidata item has been nominated for speedy deletion:
You can see the reason for deletion at the file description page linked above. —Community Tech bot (talk) 14:53, 29 May 2023 (UTC)