What is Red Team & Blue Team?
At its core, there are two main players in any cybersecurity or penetration testing event. While the terminology for the two sides varies (Hackers vs. Defenders, 'Bad Guys' vs. 'Good Guys', etc.), one of the most commonly used pairs of titles is Red Team and Blue Team. To put it simply, the "Red Team" is the group trying to find a way in, and the "Blue Team" is the group trying to keep them out and responding if they get in. This cybersecurity landscape can be a fast-paced battleground, and while hefty research books, online classes, and lab simulations are useful for learning, in the real world you need results 'yesterday'. These two guides are real-world handbooks. They contain the core information you need to know whether you are Red Team or Blue Team, acting as a reference guide for the "good stuff". Forgot the syntax for a certain Nmap scan? Trying to remember a certain Python trick? Need a reference to compare a suspicious traffic sample against? That's where these books come into play. These are not the type of books you use to go from zero to expert; these are the books beginners and experts alike use to keep themselves sharp. Take a look at our exclusive Cybrary review and decide if either of these is worth a spot in your toolkit.
If you are someone who is used to opening an advanced security book and having it read like an instruction manual, you will be surprised when you break open the RTFM. This is not an introductory book that teaches you to hack. This is not a reference book you put on a shelf and forget about for a few years until you need it. This is a battle guide that you keep in your computer bag and on your person during a penetration testing engagement. The Red Team Field Manual is broken into 9 main sections (*NIX, Windows, Networking, Tips and Tricks, Tool Syntax, Web, Databases, Programming, and Wireless), each containing specific technical information on the Red Team applications of that area. Imagine convincing an expert penetration tester to take years' worth of his notes, tips, and commonly used commands and compile them down into a 100-page manual of critical information; this is what you get.
A key component of working in Red Team environments is that, to excel, you need to be fluent in many different tools, syntaxes, and command lines. When you use SQL injection, Meterpreter, Nmap, Solaris commands, Cisco firewall commands, and PowerShell all in the course of a couple of hours, it becomes extremely useful to have a reference to remind you of the native tongue. Googling is an option, but it can get old very quickly, be inaccurate, and require an internet connection. If you are on-site attempting a wireless intrusion and forgot a certain command, it is much better to have a quick reference guide than to hope you have a cell phone connection in order to Google the answer on your phone. So, as a recap, remember this book will not teach you penetration testing. Nor will this book alone make you Red Team ready. This book is a battle manual for penetration testers who do not want to spend 15 minutes on Google the next time they need a quick refresher in Scapy. This is a book that will spend less time on your shelf and more time in your go-bag and in your hands.
Written as a complement to the RTFM, the Blue Team Handbook is a reference guide for the other side of the cybersecurity landscape. This book, while similar to its counterpart, does have some noticeable differences in the way it is written. The BTH still covers common tools, syntax, and tips, but it also discusses topics such as security defense theory and strategies. Rather than simply acting as a book filled with cheat sheets, this book gives you more insight into tools and analysis, helping the aspiring Blue Team member understand how to use the tools and better recognize malicious traffic. As anyone who works in this field knows, tech changes quickly. This book is about as up to date as you can get, with its third edition released less than 6 months ago (October 2014). Compared to the RTFM, this book has a bit more weight to it at about 150 pages compared to the RTFM's 96 pages.

The BTH is quite a bit more granular in how it divides its content compared to the RTFM. While the RTFM is divided into 9 main sections, this guide is broken into 40 chapters. Some of the notable chapters include:

- Six Steps of Incident Response (Ch. 3)
- The Attack Process, Tools, and IR Points (Ch. 9)
- Secure Communications (Ch. 10)
- Netcat and Cryptcat for the Blue Team (Ch. 11)
- Malware Standard Response Pattern (Ch. 16)
- Linux Volatile Data System Investigation (Ch. 17)
- Network Traffic Analysis Techniques (Ch. 26)
- Suspicious Traffic Patterns (Ch. 28)
- Using the Snort IDS (Ch. 31)

Again, this is only a partial listing of the chapters; you can check out the index with all the chapters in the book preview. Where the RTFM is designed specifically as a reference guide, the Blue Team Handbook is friendlier to those trying to learn how to get into the field. The diagrams and charts, along with the explanations of tips, tools, and theories, allow this book to act as a "sit down and read" kind of book in addition to a reference guide.
- Red Team Field Manual – 7/10
- Excellent reference guide to keep in your pen-testing bag
- Covers a wide range of material
- Includes several tips new penetration testers may not be aware of
- Keeps you from constantly having to research every time you need a refresher
- Not the best for beginners
- Jumps right into syntax without much description of individual flags or operators
- Blue Team Handbook: Incident Response Guide – 8/10
- Excellent reference as well as a learning tool
- Explains the theories and usage in addition to simple cheat sheets
- Provides examples and analysis of traffic for practice
- Updated very recently to stay current
- Charts and illustrations to assist with learning and finding material
- Some sections may not flow well
- Syntax still unexplained in certain areas