Red Team

Article snapshot taken from Wikipedia under the Creative Commons Attribution-ShareAlike license.

A red team is a group that attempts a physical or digital intrusion against an organization. Red Team may also refer to: Red team. A red team is a group that pretends to be an enemy, attempts a physical or digital intrusion against an organization at the direction of that organization, then reports back so that the organization can improve their defenses. Red teams work for

A penetration test involves ethical hackers ("pen testers") attempting to break into a computer system, with no element of surprise. The organization is aware of the penetration test and is ready to mount a defense. A red team goes a step further, and adds physical penetration, social engineering, and an element of surprise. The blue team is given no advance warning of a red team, and will treat it as

A Bluetooth earpiece dialed into a cell phone conference call during the day, and two-way radios with earpieces at night. In case of compromise, red team members often carry identification and an authorization letter with multiple after-hours contacts who can vouch for the legality and legitimacy of the red team's activities. Before physical reconnaissance occurs, open-source intelligence (OSINT) gathering can occur by researching locations and staff members via

A Middle East war, and on 6 October 1973, Kissinger sent a further dispatch discouraging a preemptive strike. Israel was totally dependent on the United States for military resupply and sensitive to anything that might endanger that relationship. At 10:15 am, Meir met with American ambassador Kenneth Keating to inform him that Israel did not intend to preemptively start a war and asked that American efforts be directed at preventing war. Kissinger urged

A browser using Internet Explorer's COM, Google Chrome's remote debugging feature, or the testing framework Selenium. During a real intrusion, the red team can be repurposed to work with the blue team to help with defense. Specifically, they can provide analysis of what the intruders will likely try to do next. During an intrusion, both the red team and the blue team have a home-field advantage because they are more familiar with

A certain time period. It can also be useful to track the number of compromised machines, compromisable machines, and other metrics related to infiltration. These statistics can be graphed by day and placed on a dashboard displayed in the security operations center (SOC) to provide motivation to the blue team to detect and close breaches. In order to identify worst offenders, compromises can be graphed and grouped by where in

A computer for credentials such as passwords and session cookies, and once these are found, can be used to compromise additional computers. During intrusions from third parties, a red team may team up with the blue team to assist in defending the organization. Rules of engagement and standard operating procedures are often utilized to ensure that the red team does not cause damage during their exercises. Physical red teaming focuses on sending

A computer, looks for credentials that can be used to access a different computer, then this is repeated, with the goal of accessing many computers. Credentials can be stolen from many locations, including files, source code repositories such as Git, computer memory, and tracing and logging software. Techniques such as pass the cookie and pass the hash can be used to get access to websites and machines without entering

A halt by a fresh ceasefire on 24 October. Anticipating a swift Israeli armored counterattack by three armored divisions, the Egyptians had armed their assault force with large numbers of man-portable anti-tank weapons: rocket-propelled grenades and the less numerous but more advanced Sagger guided missiles, which proved devastating to the first Israeli armored counterattacks. Each of the five infantry divisions that were to cross

A junior officer proposed using high pressure water cannons. The idea was tested and found to be a sound one, and several high pressure water cannons were imported from Britain and East Germany. The water cannons effectively breached the sand walls using water from the canal. At 2:00 pm on 6 October, Operation Badr began with a large airstrike. More than 200 Egyptian aircraft conducted simultaneous strikes against three airbases, Hawk missile batteries, three command centers, artillery positions, and several radar installations. Airfields at Refidim and Bir Tamada were temporarily put out of service, and damage

A limited scale after the Six-Day War and escalated into the War of Attrition, an attempt to wear down the Israeli position through long-term pressure. In December 1970, Egyptian President Anwar Sadat had signaled in an interview with The New York Times that, in return for a total withdrawal from the Sinai Peninsula, he was ready "to recognize the rights of Israel as an independent state as defined by

A log file. Centralized monitoring, where important log files are quickly sent to logging software on a different machine, is a useful network defense technique. The use of rules of engagement can help to delineate which systems are off-limits, prevent security incidents, and ensure that employee privacy is respected. The use of a standard operating procedure (SOP) can ensure that the proper people are notified and involved in planning, and improve

A military origin, and military reconnaissance techniques are applicable to physical red teaming. Red team reconnaissance equipment might include military clothing since it does not rip easily, red lights to preserve night vision and be less detectable, radios and earpieces, camera and tripod, binoculars, night vision equipment, and an all-weather notebook. Some methods of field communication include

A minimum) reduces the chance of compromise. Some tactics of light discipline include using red flashlights, using only one vehicle, and keeping the vehicle's headlights off. Sometimes there are security changes between reconnaissance and infiltration, so it is a good practice for teams that are approaching a target to "assess and acclimate", to see if any new security measures can be seen. Compromises during infiltration are most likely to occur during

A passenger van can be rented and the windows can be blacked out to conceal photography and videography of the target. Examining and videoing the locks of a building during a walk-around can be concealed by the recon pretending to be on the phone. In the event of compromise, such as employees becoming suspicious, a story can be rehearsed ahead of time until it can be recited confidently. If the team has split up,

A password. Techniques such as optical character recognition (OCR), exploiting default passwords, spoofing a credential prompt, and phishing can also be used. The red team can utilize computer programming and command-line interface (CLI) scripts to automate some of their tasks. For example, CLI scripts can utilize the Component Object Model (COM) on Microsoft Windows machines in order to automate tasks in Microsoft Office applications. Useful tasks might include sending emails, searching documents, encrypting, or retrieving data. Red teams can take control of

A permanent peace settlement and a demilitarization of the returned territories. This decision was not made public at the time, nor was it conveyed to any Arab state. Israeli Foreign Minister Abba Eban has said that it had been conveyed, but there seems to be no solid evidence to corroborate his claim; no formal peace proposal was made either directly or indirectly by Israel. The Americans, who were briefed of

A real intrusion. One role of a permanent, in-house red team is to improve the security culture of the organization. A purple team is the temporary combination of both teams and can provide rapid information responses during a test. One advantage of purple teaming is that the red team can launch certain attacks repeatedly, and the blue team can use that to set up detection software, calibrate it, and steadily increase detection rate. Purple teams may engage in "threat hunting" sessions, where both

A red team is exploiting, and give additional ideas for TTPs to utilize in the future. Physical red teaming or physical penetration testing involves testing the physical security of a facility, including the security practices of its employees and security equipment. Examples of security equipment include security cameras, locks, and fences. In physical red teaming, computer networks are not usually

A room's location in advance, so this is often figured out on the fly. Reading emergency exit route signs and the use of a watch with a compass can assist with navigating inside of buildings. Commercial buildings will often have some lights left on. It is good practice to not turn lights on or off, as this may alert someone. Instead, utilizing already unlit areas is preferred for red team operations, with rushing and freezing techniques to be used to quickly move through illuminated areas. Standing full-height in front of windows and entering buildings via lobbies

A tabletop board game. In response to the September 11 attacks, with anti-terrorism in mind, the Central Intelligence Agency created a new Red Cell, and red teams were used for modeling responses to asymmetric warfare such as terrorism. In response to the failures of the Iraq War, red teaming became more common in the United States Army. Over time, the practice of red teaming expanded to other industries and organizations, including corporations, government agencies, and non-profit organizations. The approach has become increasingly popular in

A tabletop similar to how one would play a board game, can be used to simulate intrusions that are too expensive, too complicated, or illegal to execute live. It can be useful to attempt intrusions against the red team and the blue team, in addition to more traditional targets. Once access to a network is achieved, reconnaissance can be conducted. The data gathered can be placed in a graph database, which

A team to gain entry to restricted areas. This is done to test and optimize physical security such as fences, cameras, alarms, locks, and employee behavior. As with technical red teaming, rules of engagement are used to ensure that red teams do not cause excessive damage during their exercises. Physical red teaming will often involve a reconnaissance phase where information is gathered and weaknesses in security are identified, and then that information will be used to conduct an operation (typically at night) to gain physical entry to

A thick blanket over it. Anti-climb fences can be bypassed with ladders. Alarms can sometimes be neutralized with a radio jammer that targets the frequencies that alarms use for their internal and external communications. Motion sensors can be defeated with a special body-sized shield that blocks a person's heat signature. Ground sensors are prone to false positives, which can lead security personnel to not trust them or ignore them. Once inside, if there

Is a group that oversees and manages operations between red teams and blue teams. For example, this may be a company's managers that determine the rules of engagement for the red team. The initial entry point of a red team or an adversary is called the beachhead. A mature blue team is often adept at finding the beachhead and evicting attackers. A role of the red team is to increase the skills of

Is normally taken during exit, a closer or alternative exit can also be used. The goal of all team members is to reach the rally point, or possibly a second emergency rally point. The rally point is usually at a different location than the dropoff point. Private companies sometimes use red teams to supplement their normal security procedures and personnel. For example, Microsoft and Google utilize red teams to help secure their systems. Some financial institutions in Europe use

Is often avoided due to the risks of being seen. A borescope can be used to peer around corners and under doors, to help spot people, cameras, or motion detectors. Once the target room has been reached, if something needs to be found such as a specific document or specific equipment, the room can be divided into sections, with each red team member focusing on a section. Passwords are often located under keyboards. Techniques can be used to avoid disturbing

Is software that visually plots nodes, relationships, and properties. Typical nodes might be computers, users, or permission groups. Red teams will usually have very good graph databases of their own organization, because they can utilize home-field advantage, including working with the blue team to create a thorough map of the network, and a thorough list of users and administrators. A query language such as Cypher can be used to create and modify graph databases. Any type of administrator account

Is suspicion that the building is occupied, disguising oneself as a cleaner or employee using the appropriate clothing is a good tactic. Noise discipline is often important once inside a building, as there are fewer ambient sounds to mask red team noises. Red teams usually have goal locations selected and tasks pre-planned for each team or team member, such as entering a server room or an executive's office. However, it can be difficult to figure out

Is to engage in "active defense", which involves setting up decoys and honeypots to help track the location of intruders. These honeypots can help alert the blue team to a network intrusion that might otherwise have gone undetected. Various software can be used to set up a honeypot file depending on the operating system: macOS tools include OpenBMS, Linux tools include auditd plugins, and Windows tools include System Access Control Lists (SACL). Notifications can include popups, emails, and writing to

Is usually invisible both outside the facility (the approach is not detected by bystanders or security devices) and inside the facility (no damage is done and nothing is bumped or left out of place), and does not alert anyone that a red team was there. The use of a load out list can help ensure that important red team equipment is not forgotten. The use of military equipment such as MOLLE vests and small tactical bags can provide useful places to store tools, but has

Is valuable to place in the graph database, including administrators of third party tools such as Amazon Web Services (AWS). Data can sometimes be exported from tools and then inserted into the graph database. Once the red team has compromised a computer, website, or system, a powerful technique is credential hunting. These can be in the form of clear text passwords, ciphertext, hashes, or access tokens. The red team gets access to

The AT-3 Sagger anti-tank guided missile from the Soviet Union and improving its military tactics, based on Soviet battlefield doctrines. Political generals, who had in large part been responsible for the rout in 1967, were replaced with competent ones. The Soviets thought little of Sadat's chances in any war. They warned that any attempt to cross the heavily fortified Suez Canal would incur massive losses. Both

The Agranat Commission, Brigadier General Yisrael Lior (Meir's military secretary/attaché) claimed that Mossad knew from Marwan that an attack was going to occur under the guise of a military drill a week before it occurred, but the process of passing along the information to the prime minister's office failed. On the night of 5–6 October, Marwan incorrectly informed Zamir that a joint Syrian-Egyptian attack would take place at sunset. It

The Fourth Arab–Israeli War, was fought from 6 to 25 October 1973 between Israel and a coalition of Arab states led by Egypt and Syria. Most of the fighting occurred in the Sinai Peninsula and Golan Heights, territories occupied by Israel in 1967. Some combat also took place in Egypt and northern Israel. Egypt aimed to secure a foothold on the eastern bank of the Suez Canal and use it to negotiate

The Gaza Strip, for example, and expressed its willingness to reach an accord if it also implemented the provisions of United Nations Security Council Resolution 242. This was the first time an Arab government had gone public declaring its readiness to sign a peace agreement with Israel. Israeli Prime Minister Golda Meir reacted to the overture by forming a committee to examine the proposal and vet possible concessions. When

The Israeli–Palestinian peace process, leading to the 1978 Camp David Accords, when Israel returned the Sinai Peninsula to Egypt, and the Egypt–Israel peace treaty, the first time an Arab country recognized Israel. Egypt drifted away from the Soviet Union, eventually leaving the Eastern Bloc. The war was part of the Arab–Israeli conflict, an ongoing dispute that has included many battles and wars since

The Security Council of the United Nations." On 4 February 1971, Sadat gave a speech to the Egyptian National Assembly outlining a proposal under which Israel would withdraw from the Suez Canal and the Sinai Peninsula along with other occupied Arab territories. Swedish diplomat Gunnar Jarring coincidentally proposed a similar initiative four days later, on 8 February 1971. Egypt responded by accepting much of Jarring's proposals, though differing on several issues, regarding

The Sinai Desert with two armies (both corps-sized by western standards, included the 2nd Infantry Division in the northern Second Army). By the following morning, some 850 tanks had crossed the canal. In his account of the war, Saad El Shazly noted that by the morning of 7 October, the Egyptians had lost 280 soldiers and 20 tanks, though this account is disputed. Most Israeli soldiers defending

The United States military during the Cold War. "Red team" and the color red were used to represent the Soviet Union, and "blue team" and the color blue were used to represent the United States. Another early example involved United States Secretary of Defense Robert McNamara, who assembled a red team and a blue team to explore which government contractor should be awarded an experimental aircraft contract. Another early example modeled negotiating an arms control treaty and evaluating its effectiveness. Red teams are sometimes associated with "contrarian thinking" and fighting groupthink,

The founding of the State of Israel in 1948. During the Six-Day War of 1967, Israel had captured Egypt's Sinai Peninsula, roughly half of Syria's Golan Heights, and the territories of the West Bank which had been held by Jordan since 1948. On 19 June 1967, shortly after the Six-Day War, the Israeli government voted to return the Sinai to Egypt and the Golan Heights to Syria in exchange for

The military, and intelligence agencies. In the United States government, red teams are used by the Army, Marine Corps, Department of Defense, Federal Aviation Administration, and Transportation Security Administration. The concept of red teaming and blue teaming emerged in the early 1960s. One early example of red teaming involved the think tank RAND Corporation, which did simulations for

The 1960s in the United States. Technical red teaming focuses on compromising networks and computers digitally. There may also be a blue team, a term for cybersecurity employees who are responsible for defending an organization's networks and computers against attack. In technical red teaming, attack vectors are used to gain access, and then reconnaissance is performed to discover more devices to potentially compromise. Credential hunting involves scouring

The American response was a call for a cease-fire in place. The Egyptian units generally would not advance beyond a shallow strip for fear of losing the protection of their SAM batteries, which were situated on the west bank of the canal. In the Six-Day War, the Israeli Air Force had pummeled the defenseless Arab armies; this time, Egypt had heavily fortified their side of the ceasefire lines with SAM batteries provided by

The Bar Lev Line became casualties, and some 200 were taken prisoner. In the subsequent days, some defenders of the Bar Lev Line managed to break through the Egyptian encirclement and return to their lines or were extracted during later Israeli counterattacks. For the next several days, the IAF played a minimal role in the fighting, largely because it was needed to deal with the simultaneous, and ultimately more threatening, Syrian attack in

The Cabinet's decision by Eban, were not asked to convey it to Cairo and Damascus as official peace proposals, nor were they given indications that Israel expected a reply. Eban rejected the prospect of a mediated peace, insisting on the need for direct negotiations with the Arab governments. The Arab position, as it emerged in September 1967 at the Khartoum Arab Summit, was to reject any peaceful settlement with

The Central Intelligence Agency, because there were major diplomatic and public relations consequences for launching a military operation into Pakistan, so it was important to double-check the original team's intelligence and conclusions. The Yom Kippur War, also known as the Ramadan War, the October War, the 1973 Arab–Israeli War, or

The Egyptian Army conducted military exercises near the border, and Ashraf Marwan inaccurately warned that Egypt and Syria would launch a surprise attack in the middle of May. The Israeli Army mobilized with their Blue-White Alert, in response to both the warnings and exercises, at considerable cost. These exercises led some Israelis to dismiss the actual war preparations—and Marwan's warning right before

The Egyptian Army to participate in these exercises. Two days before the outbreak of the war, on 4 October, the Egyptian command publicly announced the demobilization of part of the reservists called up during 27 September to lull Israeli suspicions. Around 20,000 troops were demobilized, and subsequently some of these men were given leave to perform the Umrah (pilgrimage) to Mecca. According to Egyptian General El-Gamasy, "On

The Egyptian assault force of 32,000 infantry began crossing the canal in twelve waves at five separate crossing areas, from 14:05 to 17:30, in what became known as The Crossing. The Egyptians prevented Israeli forces from reinforcing the Bar Lev Line and proceeded to attack the Israeli fortifications. Meanwhile, engineers crossed over to breach the sand wall. The Israeli Air Force conducted air interdiction operations to try to prevent

The Golan Heights. Egyptian forces then consolidated their initial positions. On 7 October, the bridgeheads were enlarged an additional 4 km (2+1⁄2 mi), at the same time repulsing Israeli counterattacks. In the north, the Egyptian 18th Division attacked the town of El-Qantarah el-Sharqiyya, engaging Israeli forces in and around the town. The fighting there was conducted at close quarters, and

The Internet, including the company's website, social media accounts, search engines, mapping websites, and job postings (which give hints about the technology and software the company uses). It is a good practice to do multiple days of reconnaissance, to reconnoiter both during the day and at night, to bring at least three operators, to utilize a nearby staging area that is out of sight of the target, and to do reconnaissance and infiltration as two separate trips rather than combining them. Recon teams can use techniques to conceal themselves and equipment. For example,

The Sinai with Kelt missiles, while another two Egyptian Tupolevs fired two Kelt missiles at a radar station in central Israel. One missile was shot down by a patrolling Israeli Mirage fighter, and the second fell into the sea. The attack was an attempt to warn Israel that Egypt could retaliate if it bombed targets deep within Egyptian territory. Under cover of the initial artillery barrage,

The Sinai. Shazly's account was disputed by Kenneth Pollack, who noted that for the most part, the forts only fell to repeated assaults by superior forces or prolonged sieges over many days. The northernmost fortification of the Bar Lev Line, code-named 'Fort Budapest', withstood repeated assaults and remained in Israeli hands throughout the war. Once the bridges were laid, additional infantry with

The Soviet Union. On 9 October, the IDF chose to concentrate its reserves and build up its supplies while the Egyptians remained on the strategic defensive. Nixon and Kissinger held back on a full-scale resupply of arms to Israel. Short of supplies, the Israeli government reluctantly accepted a cease-fire in place on 12 October, but Sadat refused to do so. The Soviets started an airlift of arms to Syria and Egypt. The American global interest

The Soviets and Americans were at that time pursuing détente and had no interest in seeing the Middle East destabilized. In a June 1973 meeting with American President Richard Nixon, Soviet leader Leonid Brezhnev had proposed Israel pull back to its 1967 border. Brezhnev said that if Israel did not, "we will have difficulty keeping the military situation from flaring up"—an indication that the Soviet Union had been unable to restrain Sadat's plans. Between May and August 1973,

The Soviets to use their influence to prevent war, contacted Egypt with Israel's message of non-preemption, and sent messages to other Arab governments to enlist their help on the side of moderation. These late efforts were futile. According to Kissinger, had Israel struck first it would not have received "so much as a nail". The Egyptians had prepared for an assault across the canal and deployed five divisions totaling 100,000 soldiers, 1,350 tanks and 2,000 guns and heavy mortars for

The State of Israel. The eight participating states—Egypt, Syria, Jordan, Lebanon, Iraq, Algeria, Kuwait, and Sudan—passed a resolution that would later become known as the "three nos": there would be no peace, no recognition and no negotiation with Israel. Prior to that, King Hussein of Jordan had stated that he could not rule out a possibility of a "real, permanent peace" between Israel and the Arab states. Armed hostilities continued on

The Syrian army. These activities were considered puzzling but not a threat because Israeli intelligence suggested they would not attack without Egypt, and Egypt would not attack until the weaponry they wanted arrived. Despite this belief, Israel sent reinforcements to the Golan Heights. These forces were to prove critical during the early days of the war. On 27 to 30 September, two batches of reservists were called up by

The TIBER-EU framework. When applied to intelligence work, red teaming is sometimes called alternative analysis. Alternative analysis involves bringing in fresh analysts to double-check the conclusions of another team, to challenge assumptions and make sure nothing was overlooked. Three red teams were used to review the intelligence that led to the killing of Osama bin Laden in 2011, including red teams from outside

The approach to the facility. Employees, security, police, and bystanders are the most likely to compromise a physical red team. Bystanders are rarer in rural areas, but also much more suspicious. Proper movement can help a red team avoid being spotted while approaching a target, and may include rushing, crawling, avoiding silhouetting when on hills, walking in formations such as single file, and walking in short bursts then pausing. The use of hand signals may be used to reduce noise. Common security devices include doors, locks, fences, alarms, motion sensors, and ground sensors. Doors and locks are often faster and quieter to bypass with tools and shims, rather than lock picking. RFID locks are common at businesses, and covert RFID readers combined with social engineering during reconnaissance can be used to duplicate an authorized employee's badge. Barbed wire on fences can be bypassed by placing

The attack was launched—as another exercise. In the week leading up to Yom Kippur, the Egyptian Army staged a week-long training exercise adjacent to the Suez Canal. Israeli intelligence, detecting large troop movements towards the canal, dismissed them as mere training exercises. Movements of Syrian troops towards the border were also detected, as were the cancellation of leaves and a call-up of reserves in

The attack. Kenneth Pollack wrote that 18 Egyptian aircraft were shot down, and that these losses prompted the cancellation of the second planned wave. In one notable engagement during this period, a pair of Israeli F-4E Phantoms challenged 28 Egyptian MiGs over Sharm el-Sheikh and within half an hour, shot down seven or eight MiGs with no losses. One of the Egyptian pilots killed was Captain Atef Sadat, President Sadat's half-brother. Simultaneously, 14 Egyptian Tupolev Tu-16 bombers attacked Israeli targets in

The battles of Ismailia and Suez. A second ceasefire was imposed on 25 October, officially ending the war. The Yom Kippur War had significant consequences. The Arab world, humiliated by the 1967 defeat, felt psychologically vindicated by its early successes in 1973. Meanwhile, Israel, despite battlefield achievements, recognized that future military dominance was uncertain. These shifts contributed to

The best opportunity to reach peace since the establishment of the state." Israel responded to Jarring's plan on 26 February by outlining its readiness to make some form of withdrawal, while declaring it had no intention of returning to the pre-5 June 1967 lines. Explicating the response, Eban told the Knesset that the pre-5 June 1967 lines "cannot assure Israel against aggression". Jarring

The blue team. When infiltrating, there is a stealthy "surgical" approach that stays under the radar of the blue team and requires a clear objective, and a noisy "carpet bombing" approach that is more like a brute force attack. Carpet bombing is often the more useful approach for red teams, because it can discover unexpected vulnerabilities. There are a variety of cybersecurity threats. Threats may range from something traditional such as hacking

The bridges from being erected, but took losses from Egyptian SAM batteries. The air attacks were ineffective overall, as the sectional design of the bridges enabled quick repairs when hit. Despite fierce resistance, the Israeli reserve brigade garrisoning the Bar-Lev forts was overwhelmed. According to Shazly, within six hours, fifteen strongpoints had been captured as Egyptian forces advanced several kilometres into

The canal had been equipped with RPG-7 rockets and RPG-43 grenades and reinforced with an anti-tank guided missile battalion, as they would not have any armor support for nearly 12 hours. In addition, the Egyptians had built separate ramps at the crossing points, reaching as high as 21 metres (69 ft) to counter the Israeli sand wall, provide covering fire for the assaulting infantry and to counter

The committee unanimously concluded that Israel's interests would be served by full withdrawal to the internationally recognized lines dividing Israel from Egypt and Syria, returning the Gaza Strip and, in a majority view, returning most of the West Bank and East Jerusalem, Meir was angered and shelved the document. The United States was infuriated by the cool Israeli response to Egypt's proposal, and Assistant Secretary of State for Near Eastern Affairs Joseph Sisco informed Israeli ambassador Yitzhak Rabin that "Israel would be regarded responsible for rejecting

The compromise of one operator can result in the team leader pulling the other operators out. Concealed video cameras can be used to capture footage for later review, and debriefs can be done quickly after leaving the area so that fresh information is quickly documented. Most physical red team operations occur at night, due to reduced security of the facility and so that darkness can conceal activities. An ideal infiltration

The downsides of being conspicuous and increasing encumbrance. Black clothing or dark camouflage can be helpful in rural areas, whereas street clothes in shades of gray and black may be preferred in urban areas. Other urban disguise items include a laptop bag, or a pair of headphones around the neck. Various types of shoe coverings can be used to minimize footprints both outdoors and indoors. Light discipline (keeping lights from vehicles, flashlights, and other tools to

The few commandos that did filter through were ineffectual and presented nothing more than a "nuisance". Kenneth Pollack asserted that despite their heavy losses, the Egyptian commandos fought exceptionally hard and created considerable panic, prompting the Israelis to take precautions that hindered their ability to concentrate on stopping the assault across the canal. Egyptian forces advanced approximately 4 to 5 km (2½ to 3 mi) into

The first Israeli armored counterattacks. The Egyptian Army put great effort into finding a quick and effective way of breaching the Israeli defenses . The Israelis had built large 18-metre (59 foot) high sand walls with a 60-degree slope and reinforced with concrete at the water line. Egyptian engineers initially experimented with explosive charges and bulldozers to clear the obstacles, before

The initiative of the operations staff, we reviewed the situation on the ground and developed a framework for the planned offensive operation. We studied the technical characteristics of the Suez Canal, the ebb and the flow of the tides, the speed of the currents and their direction, hours of darkness and of moonlight, weather conditions, and related conditions in the Mediterranean and Red sea." He explained further by saying: "Saturday 6 October 1973 (10 Ramadan 1393)

The likelihood of Jordan joining in." On the night of 25 September, Hussein secretly flew to Tel Aviv to warn Meir of an impending Syrian attack. "Are they going to war without the Egyptians, asked Mrs. Meir. The king said he didn't think so. 'I think they [Egypt] would cooperate. ' " This warning was ignored, and Israeli intelligence indicated that Hussein had not said anything that was not already known. Throughout September, Israel received eleven warnings of war from well-placed sources. However, Mossad Director-General Zvi Zamir continued to insist that war

The milestones are, and sharing contact information. The rules of engagement may be updated after the reconnaissance phase, with another round of back and forth between the red team and the client. The data gathered during the reconnaissance phase can be used to create an operational plan, both for internal use, and to send to the client for approval. Part of physical red teaming is performing reconnaissance. The type of reconnaissance gathered usually includes information about people, places, security devices, and weather. Reconnaissance has

The mobilization and transportation of the military. Despite refusing to participate, King Hussein of Jordan "had met with Sadat and Assad in Alexandria two weeks before. Given the mutual suspicions prevailing among the Arab leaders, it was unlikely that he had been told any specific war plans. But it was probable that Sadat and Assad had raised the prospect of war against Israel in more general terms to feel out

The movement of Israeli reserves to the front. These special operations often led to confusion and anxiety among Israeli commanders, who commended the Egyptian commandos. This view was contradicted by another source that stated that few commandos made it to their objectives, and were usually nothing more than a nuisance. According to Abraham Rabinovich , only the commandos near Baluza and those blocking

The nation's despondency. War was a desperate option." Almost a full year before the war, in a meeting on 24 October 1972, with his Supreme Council of the Armed Forces , Sadat declared his intention to go to war with Israel even without proper Soviet support. In February 1973, Sadat made a final peace overture that would have included Israeli withdrawal from the Sinai Peninsula that he relayed to Kissinger via his adviser Mohammad Hafez Ismail , which Kissinger made known to Meir. Meir rejected

The network's domain controller , or something less orthodox such as setting up cryptocurrency mining , or providing too much employee access to personally identifiable information (PII) which opens the company up to General Data Protection Regulation (GDPR) fines. Any of these threats can be red teamed, in order to explore how severe the issue is. Tabletop exercises, where intrusions are acted out over

The onslaught. Facing them were 450 soldiers of the Jerusalem Brigade , spread out in 16 forts along the length of the canal. There were 290 Israeli tanks in all of Sinai, divided into three armored brigades, only one of which was deployed near the canal when hostilities commenced. Large bridgeheads were established on the east bank on 6 October. Israeli armoured forces launched counterattacks from 6 to 8 October, but they were often piecemeal and inadequately supported and were beaten back principally by Egyptians using portable anti-tank missiles. Between 9 and 12 October,

The organization or are hired by the organization. Their work is legal, but can surprise some employees who may not know that red teaming is occurring, or who may be deceived by the red team. Some definitions of red team are broader, and include any group within an organization that is directed to think outside the box and look at alternative scenarios that are considered less plausible. This can be an important defense against false assumptions and groupthink . The term red teaming originated in

The organization's networks and systems than the intruder. An organization's red team may be an attractive target for real attackers. Red team members' machines may contain sensitive information about the organization, such as credentials, findings, and client data. In response, red team members' machines are often hardened. Techniques for securing machines include configuring the operating system's firewall , restricting Secure Shell (SSH) and Bluetooth access, improving logging and alerts, securely deleting files, and encrypting hard drives. One tactic
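The "restricting SSH access" item above is usually implemented through the OpenSSH server configuration, and a weak setting is easy to miss because an unset keyword silently takes sshd's default. The following audit is an added example, not code from the article: it parses an sshd_config the way sshd does (keywords are case-insensitive, the first value for a keyword wins, and everything after the first Match line is connection-specific rather than global) and reports the settings a red team operator's workstation should not have. The two sample configurations are constructed for this example, and the OpenSSH defaults it assumes are those of OpenSSH 7.0 and later.

```python
"""Audit an OpenSSH server configuration for a red team operator's machine.

Added example; not from the article. Checks the SSH-restriction items a
practitioner cares about on a hardened workstation: no root login, keys
instead of passwords, an explicit user allow-list, binding to a management
address rather than every interface, and verbose logging of access.
"""
from __future__ import annotations

import re
import sys

# Constructed sample: a stock-looking sshd_config with weak settings.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
"""

# Constructed sample: hardened for a red team operator workstation.
HARDENED_CONFIG = """\
ListenAddress 10.10.0.5:22      # management interface only (assumed address)
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers operator
X11Forwarding no
LogLevel VERBOSE
PasswordAuthentication yes      # ignored by sshd: the first value wins
Match Address 10.10.0.0/24
    PasswordAuthentication yes  # scoped to matching clients, not global
"""


def parse_sshd_config(text: str) -> dict[str, str]:
    """Return the global settings, honouring sshd's first-value-wins rule."""
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = parts[0].lower()
        if key == "match":
            break  # the rest applies only to matching connections
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings


def _listen_host(value: str) -> str:
    """Extract the host from ListenAddress forms: host, host:port, [host]:port."""
    if value.startswith("["):
        return value[1 : value.index("]")]
    if value.count(":") == 1:
        return value.split(":")[0]
    return value  # bare IPv4/IPv6 literal


def audit_sshd_config(text: str) -> list[str]:
    """Return a list of findings; an empty list means the config passed."""
    cfg = parse_sshd_config(text)
    findings: list[str] = []

    def want(key: str, expected: str, default: str, why: str) -> None:
        # An unset keyword is judged by what sshd would actually do (its default).
        actual = cfg.get(key.lower(), default)
        if actual.lower() != expected:
            findings.append(f"{key}={actual or '<unset>'} (want {expected}): {why}")

    want("PermitRootLogin", "no", "prohibit-password", "root should not be reachable over SSH")
    want("PasswordAuthentication", "no", "yes", "keys only; passwords can be phished or guessed")
    want("PubkeyAuthentication", "yes", "yes", "key-based login must stay enabled")
    want("X11Forwarding", "no", "no", "forwarding exposes the operator's display")
    want("LogLevel", "verbose", "info", "VERBOSE records the key fingerprint of each login")

    if _listen_host(cfg.get("listenaddress", "0.0.0.0")) in ("0.0.0.0", "::", ""):
        findings.append("ListenAddress=<all interfaces> (want a management address)")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("AllowUsers/AllowGroups unset: any local account may log in")
    return findings


if __name__ == "__main__":
    # Audit a real file if a path is given, otherwise the constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            samples = {sys.argv[1]: fh.read()}
    else:
        samples = {"weak": WEAK_CONFIG, "hardened": HARDENED_CONFIG}
    for label, text in samples.items():
        print(f"{label}: {len(audit_sshd_config(text))} finding(s)")
        for finding in audit_sshd_config(text):
            print("  -", finding)
```

Run it against `/etc/ssh/sshd_config` on an operator machine; a hardened host produces no findings. The audit deliberately stops at the first Match block, so any relaxation inside a Match block must be reviewed by hand.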

The outskirts of Damascus . Egyptian forces attempted to push further into Sinai but were repulsed, and Israeli forces crossed the Suez Canal, advancing toward Suez City. On 22 October, a UN-brokered ceasefire broke down, with both sides accusing each other of violations. By 24 October, Israel had encircled the Egyptian Third Army and Suez City, coming within 100 kilometres (62 mi) of Cairo. Egypt successfully repelled further Israeli advances in

The peace proposal despite knowing that the only plausible alternative was going to war with Egypt. Four months before the war broke out, Kissinger made an offer to Ismail, Sadat's emissary. Kissinger proposed returning the Sinai Peninsula to Egyptian control and an Israeli withdrawal from all of Sinai, except for some strategic points. Ismail said he would return with Sadat's reply, but he never did. Sadat

The placement of objects in offices such as keyboards and chairs, as adjusting these will often be noticed. Lights and locks can be left in their original state of on or off, locked or unlocked. Steps can be taken to ensure that equipment is not left behind, such as having a list of all equipment brought in and checking that all items are accounted for. It is good practice to radio situation reports (SITREPs) to

The potential legal and safety consequences. The ideal way to exit a facility is slowly and carefully, similar to how entry was achieved. There is sometimes an urge to rush out after achieving a mission goal, but this is not good practice. Exiting slowly and carefully maintains situational awareness, in case a previously empty area now has someone in it or approaching it. While the entrance path

The premises. Security devices will be identified and defeated using tools and techniques. Physical red teamers will be given specific objectives such as gaining access to a server room and taking a portable hard drive, or gaining access to an executive's office and taking confidential documents. Red teams are used in several fields, including cybersecurity , airport security , law enforcement ,

The presentations were done, the prime minister hemmed uncertainly for a few moments but then came to a clear decision. There would be no preemptive strike. Israel might be needing American assistance soon and it was imperative that it would not be blamed for starting the war. 'If we strike first, we won't get help from anybody,' she said. Prior to the war, Kissinger and Nixon consistently warned Meir that she must not be responsible for initiating

The red team and the blue team look for real intruders. Involving other employees in the purple team is also beneficial, for example software engineers who can help with logging and software alerts, and managers who can help identify the most financially damaging scenarios. One danger of purple teaming is complacency and the development of groupthink , which can be combatted by hiring people with different skillsets or hiring an external vendor. A white team

The red team process, making it mature and repeatable. Red team activities typically have a regular rhythm. Tracking certain metrics or key performance indicators (KPIs) can help to make sure a red team is achieving the desired output. Examples of red team KPIs include performing a certain number of penetration tests per year, or growing the team by a certain number of pen testers within

The region would strengthen Soviet influence. Britain's position, on the other hand, was that war between the Arabs and Israelis could only be prevented by the implementation of United Nations Security Council Resolution 242 and a return to the pre-1967 boundaries. Sadat also had important domestic concerns in wanting war. "The three years since Sadat had taken office ... were the most demoralized in Egyptian history. ... A desiccated economy added to

The remaining portable and recoilless anti-tank weapons began to cross the canal, while the first Egyptian tanks started to cross at 20:30. The Egyptians also attempted to land several heli-borne commando units in various areas in the Sinai to hamper the arrival of Israeli reserves. This attempt met with disaster as the Israelis shot down up to 20 helicopters, inflicting heavy casualties. Israeli Major General (res.) Chaim Herzog placed Egyptian helicopter losses at 14. Other sources claim that "several" helicopters were downed with "total loss of life" and that

The return of the Sinai Peninsula . The war started on 6 October 1973, when the Arab coalition launched a surprise attack on Israel during the Jewish holy day of Yom Kippur , which coincided with the 10th day of Ramadan . The United States and Soviet Union engaged in massive resupply efforts for their allies (Israel and the Arab states, respectively), which heightened tensions between

The road to Fort Budapest had measurable success. Of the 1,700 Egyptian commandos inserted behind Israeli lines during the war, 740 were killed—many in downed helicopters—and 330 taken prisoner. On 7 October, David Elazar visited Shmuel Gonen, commander of the Israeli Southern Command —who had only taken the position three months before at the retirement of Ariel Sharon—and met with Israeli commanders. The Israelis planned

The software they were discovered, company office location, job title, or department. Monte Carlo simulations can be used to identify which intrusion scenarios are most likely, most damaging, or both. A Test Maturity Model, a type of Capability Maturity Model , can be used to assess how mature a red team is, and what the next step is to grow. The MITRE ATT&CK Navigator, a tool for annotating the ATT&CK knowledge base of adversary tactics, techniques, and procedures (TTPs), including those attributed to advanced persistent threats (APTs), can be consulted to see how many TTPs
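The two quantitative tools named above, an ATT&CK coverage check and a Monte Carlo ranking of intrusion scenarios, are easy to put into a few lines of Python. The block below is an added example, not code from the article or from MITRE. The technique IDs are real ATT&CK enterprise IDs, but the "APT profile", the set of techniques the red team has exercised, the set the blue team detected, and the three scenarios (the domain controller, cryptocurrency mining and PII/GDPR threats listed earlier on this page, with assumed probabilities and loss sizes) are all constructed for the example. The layer it emits follows the ATT&CK Navigator layer JSON format; the version numbers in it are illustrative.

```python
"""Score red team coverage of a threat actor's TTPs and rank intrusion
scenarios by likelihood and expected loss with a Monte Carlo simulation.

Added example; not from the article or from MITRE. All profiles, sets and
scenario parameters below are constructed for illustration.
"""
from __future__ import annotations

import json
import math
import random
from dataclasses import dataclass

# Constructed: techniques attributed to a hypothetical APT profile.
APT_PROFILE = {
    "T1566.001": "Phishing: Spearphishing Attachment",
    "T1059.001": "Command and Scripting Interpreter: PowerShell",
    "T1003.001": "OS Credential Dumping: LSASS Memory",
    "T1021.002": "Remote Services: SMB/Windows Admin Shares",
    "T1071.001": "Application Layer Protocol: Web Protocols",
    "T1486": "Data Encrypted for Impact",
}
# Constructed: what the red team has exercised, and what the blue team caught.
EXERCISED = {"T1566.001", "T1059.001", "T1071.001"}
DETECTED = {"T1566.001"}


def coverage(profile: dict[str, str], exercised: set[str], detected: set[str]) -> dict:
    """Fraction of the actor's TTPs exercised and detected, plus the gap list."""
    ids = set(profile)
    tested = ids & exercised
    return {
        "tested_fraction": len(tested) / len(ids),
        "detected_fraction": len(tested & detected) / len(ids),
        "untested": sorted(ids - exercised),  # what the next engagement should cover
    }


def navigator_layer(profile, exercised, detected, name="Red team coverage") -> dict:
    """Build an ATT&CK Navigator layer: 0 = untested, 1 = exercised, 2 = detected."""
    techniques = []
    for tid, desc in sorted(profile.items()):
        if tid in detected:
            score, note = 2, "exercised and detected"
        elif tid in exercised:
            score, note = 1, "exercised, not detected"
        else:
            score, note = 0, "not yet exercised"
        techniques.append({"techniqueID": tid, "score": score, "comment": f"{desc}: {note}"})
    return {
        "name": name,
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},  # illustrative
        "domain": "enterprise-attack",
        "techniques": techniques,
        "gradient": {"colors": ["#ff6666", "#ffe766", "#8ec843"], "minValue": 0, "maxValue": 2},
    }


@dataclass(frozen=True)
class Scenario:
    name: str
    annual_probability: float  # chance the intrusion happens in a given year
    median_loss: float         # median loss if it does (currency units)
    sigma: float = 0.5         # spread of the lognormal loss distribution


# Constructed scenarios with assumed parameters (not from the article).
SCENARIOS = [
    Scenario("dc_compromise", 0.5, 100_000),
    Scenario("crypto_mining", 0.2, 20_000),
    Scenario("pii_exposure", 0.02, 5_000_000),  # rare, but a GDPR-scale fine
]


def simulate(scenarios: list[Scenario], years: int = 20_000, seed: int = 1) -> dict:
    """Monte Carlo over simulated years: likelihood and expected annual loss."""
    rng = random.Random(seed)  # fixed seed so results are reproducible
    results = {}
    for s in scenarios:
        mu = math.log(s.median_loss)  # lognormal median is exp(mu)
        hits, total = 0, 0.0
        for _ in range(years):
            if rng.random() < s.annual_probability:
                hits += 1
                total += rng.lognormvariate(mu, s.sigma)
        results[s.name] = {"likelihood": hits / years, "expected_annual_loss": total / years}
    return results


def rank(results: dict, key: str) -> list[str]:
    """Scenario names ordered from highest to lowest on the chosen metric."""
    return sorted(results, key=lambda n: results[n][key], reverse=True)


if __name__ == "__main__":
    print(json.dumps(coverage(APT_PROFILE, EXERCISED, DETECTED), indent=2))
    print(json.dumps(navigator_layer(APT_PROFILE, EXERCISED, DETECTED))[:200], "...")
    res = simulate(SCENARIOS)
    print("most likely:", rank(res, "likelihood"))
    print("most damaging:", rank(res, "expected_annual_loss"))
```

The two rankings usually disagree, which is the point of running both: the rare PII exposure dominates expected loss while the domain controller path dominates likelihood, so the red team plan should exercise both rather than only the scenario that feels most probable. The layer dictionary can be saved as JSON and opened in ATT&CK Navigator to visualise the untested gap.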

The target. Unlike cyber defenses, which typically have many layers, a facility may have only one or two layers of physical security. Having a "rules of engagement" document that is shared with the client is helpful, to specify which TTPs will be used, what locations may be targeted, what may not be targeted, how much damage to equipment such as locks and doors is permitted, what the plan is, what

The team leader when unusual things happen. The team leader can then decide if the operation should continue, should be aborted, or if a team member should surrender by showing their authorization letter and ID. When confronted by civilians such as employees, red team operators can attempt social engineering. When confronted by law enforcement, it is good practice to immediately surrender due to

The tendency of groups to make and keep assumptions even in the face of evidence to the contrary. One example of a group that was not called a red team, but that arguably was one of the earliest examples of forming a group to fight groupthink, is the Israeli Ipcha Mistabra that was formed after Israeli decision-making failures during the Yom Kippur War in 1973. The attack against Israel nearly took Israel by surprise despite ample evidence of an impending attack, and almost resulted in Israel's defeat. Ipcha Mistabra

The training exercises, and that the Egyptians had amassed all of their crossing equipment along the canal. He then called General Shmuel Gonen , who had replaced him as head of Southern Command, and expressed his certainty that war was imminent. Zamir's concern grew on 4–5 October, as additional signs of an impending attack were detected. Soviet advisers and their families left Egypt and Syria, transport aircraft thought to be laden with military equipment landed in Cairo and Damascus , and aerial photographs revealed that Egyptian and Syrian concentrations of tanks, infantry, and surface-to-air missiles (SAMs) were at an unprecedented high. According to declassified documents from

The two superpowers. Egyptian and Syrian forces crossed their respective ceasefire lines with Israel, advancing into the Sinai and Golan Heights. Egyptian forces crossed the Suez Canal in Operation Badr and advanced into the Sinai, while Syrian forces gained territory in the Golan Heights. After three days, Israel halted the Egyptian advance and pushed the Syrians back. Israel then launched a counteroffensive into Syria, shelling

The war began. Elazar proposed a mobilization of the entire air force and four armored divisions, or 100,000 to 120,000 troops, while Dayan favored a mobilization of the air force and two armored divisions, or around 70,000 troops. Meir chose Elazar's proposal. Elazar argued in favor of a pre-emptive attack against Syrian airfields at noon, Syrian missiles at 3:00 pm, and Syrian ground forces at 5:00 pm: When

The world of cybersecurity, where red teams are used to simulate real-world attacks on an organization's digital infrastructure and test the effectiveness of their cybersecurity measures. Technical red teaming involves testing the digital security of an organization by attempting to infiltrate their computer networks digitally. A blue team is a group in charge of defending against intrusions. In cybersecurity ,

Was already determined to go to war. Only an American guarantee that the United States would fulfill the entire Arab program in a brief time could have dissuaded Sadat. Sadat declared that Egypt was prepared to "sacrifice a million Egyptian soldiers" to recover its lost territory. From the end of 1972, Egypt began a concentrated effort to build up its forces, receiving MiG-21 jet fighters, SA-2 , SA-3 , SA-6 and SA-7 antiaircraft missiles, T-55 and T-62 tanks, RPG-7 antitank weapons, and

Was disappointed and blamed Israel for refusing to accept a complete pullout from the Sinai Peninsula. The U.S. considered Israel an ally in the Cold War and had been supplying the Israeli military since the 1960s. U.S. National Security Advisor Henry Kissinger believed that the regional balance of power hinged on maintaining Israel's military dominance over Arab countries and that an Arab victory in

Was formed after the war, and given the duty of always presenting a contrarian, unexpected, or unorthodox analysis of foreign policy and intelligence reports, so that things would be less likely to be overlooked going forward. In the early 2000s, there were examples of red teams being used for tabletop exercises. A tabletop exercise is often used by first responders and involves acting out and planning for worst case scenarios, similar to playing

Was inflicted on a Hawk battery at Ophir. The aerial assault was coupled with a barrage from more than 2,000 artillery pieces for a period of 53 minutes against the Bar Lev Line and rear area command posts and concentration bases. Author Andrew McGregor claimed that the success of the first strike negated the need for a second planned strike. Egypt acknowledged the loss of five aircraft during

Was launched on 15 October. IDF forces spearheaded by Ariel Sharon's division broke through the Tasa corridor and crossed the Suez Canal to the north of the Great Bitter Lake . After intense fighting, the IDF progressed towards Cairo and advanced southwards on the east bank of the Great Bitter Lake and in the southern extent of the canal right up to Port Suez . Israeli progress towards Cairo was brought to

Was not an Arab option, even after Hussein's warning. Zamir would later remark that "We simply didn't feel them capable [of war]." On the day before the war, General Ariel Sharon was shown aerial photographs and other intelligence by Yehoshua Saguy , his divisional intelligence officer. Sharon noticed that the concentration of Egyptian forces along the canal was far beyond anything observed during

Was sometimes hand-to-hand. The Egyptians were forced to clear the town building by building. By evening, most of the town was in Egyptian hands. El-Qantarah was completely cleared by the next morning. Meanwhile, the Egyptian commandos airdropped on 6 October began encountering Israeli reserves the following morning. Both sides suffered heavy losses, but the commandos were at times successful in delaying

Was the day chosen for the September–October option. Conditions for a crossing were good, it was a fast day in Israel, and the moon on that day, 10 Ramadan, shone from sunset until midnight." The war coincided that year with the Muslim month of Ramadan , when many Muslim soldiers fast . On the other hand, the fact that the attack was launched on Yom Kippur may have helped Israel to more easily marshal reserves from their homes and synagogues because roads and communication lines were largely open, easing

Was this warning in particular, combined with the large number of other warnings, that finally goaded the Israeli High Command into action. Just hours before the attack began, orders went out for a partial call-up of the Israeli reserves . Prime Minister Golda Meir, Minister of Defense Moshe Dayan and Chief of General Staff David Elazar met at 8:05 am on the morning of Yom Kippur, six hours before

Was to prove that Soviet arms could not dictate the outcome of the fighting, by supplying Israel. With an airlift in full swing, Washington was prepared to wait until Israeli success on the battlefield might persuade the Arabs and the Soviets to bring the fighting to an end. The Israelis decided to counterattack once Egyptian armor attempted to expand the bridgehead beyond the protective SAM umbrella. The riposte, codenamed Operation Gazelle ,
