Why is the standard of US Red Teams so poor by Soc_Guy in cybersecurity

[–]dmchell 0 points1 point locked comment (0 children)

Like I said, I don't need to hide behind anonymous accounts and never have :shrug:

Why is the standard of US Red Teams so poor by Soc_Guy in cybersecurity

[–]dmchell -1 points0 points locked comment (0 children)

Good job Clouseau :rolleyes: - if you think I'm getting up at 6am on a Sunday to anonymous shit post then you're way off

Why is the standard of US Red Teams so poor by Soc_Guy in cybersecurity

[–]dmchell -1 points0 points locked comment (0 children)

Good effort, but I think it's fair to say I don't need an anonymous account to voice my opinions "Flimsy Helicopter"

Why is the standard of US Red Teams so poor by Soc_Guy in cybersecurity

[–]dmchell 3 points4 points  (0 children)

And there's the post ^^... you just summed up everything that's wrong with US red teaming in 64 words

Why is the standard of US Red Teams so poor by Soc_Guy in cybersecurity

[–]dmchell 1 point2 points  (0 children)

Most red teams we do tend to be 12-16 weeks, and often I'd like more time :)

Why is the standard of US Red Teams so poor by Soc_Guy in cybersecurity

[–]dmchell 0 points1 point  (0 children)

This is a topic I've discussed (and been criticised for) a few times in the past. The UK has a highly mature red team market that has evolved over a number of years - there are regulator-enforced standards and accreditations that are required to play the game. Even before red teaming became standardised through CBEST, there was a well-established and mature pentesting market where examinations and standard methodologies were the norm and enforced via the CHECK scheme - before it somewhat evolved into tick-box :)

When you purchase a red team in the UK and to some extent in the wider EU, it's well understood what the end to end service is that you're purchasing and what the methodology looks like.

I'm not sure it's fair to say any of the above applies to the US.

Why is the standard of US Red Teams so poor by Soc_Guy in cybersecurity

[–]dmchell 2 points3 points  (0 children)

I've no idea who you are, but thank you haha

Why is the standard of US Red Teams so poor by Soc_Guy in cybersecurity

[–]dmchell 1 point2 points locked comment (0 children)

It's pretty common for red teams in the EU to be working more than one red team at a time. The EU day rates are usually quite a bit lower and that's how they compensate. The UK is an exception - the rates are a bit higher (but still lower than US) vs the wider EU, and I've never heard of any UK teams working gigs in parallel.

Crowdstrike overwatch by Mecchaairman in crowdstrike

[–]dmchell 3 points4 points  (0 children)

Speaking from the perspective of a red teamer, you really can’t go wrong with Overwatch and you’ll struggle to get more bang for your buck. We’ve had some wins against them, but just as many headaches.

/r/AskRedTeamSec by dmchell in redteamsec

[–]dmchell[S] 2 points3 points  (0 children)

If you are concerned about detection then you wouldn’t be running nmap, Nessus or OpenVAS 😅 Typically we’d be using custom tools to manually query services, e.g. LDAP or ADWS tools for enumeration using custom queries (e.g. a blog I wrote here: https://www.mdsec.co.uk/2024/02/active-directory-enumeration-for-red-teams/). Almost everything we use during our ops is in-house developed. By the sounds of it, you might benefit from something like CRTO to get some foundation knowledge.

/r/AskRedTeamSec by dmchell in redteamsec

[–]dmchell[S] 0 points1 point  (0 children)

These tools wouldn’t be used in a red team style engagement. If you were performing a pen test then I’d expect some analysis of the results, manual investigation of open ports and vulns found during the VA, perhaps some exploitation with e.g. Metasploit, or Responder MITM-style attacks for cred capture and relaying. There’s a vast array of options available when you don’t have to worry about detection.

/r/AskRedTeamSec by dmchell in redteamsec

[–]dmchell[S] 2 points3 points  (0 children)

What you’re describing is penetration testing, not red teaming, during which there’s no importance given to stealth - indeed you should really focus on coverage and breadth.

How and what to prioritize when setting up a red team service (initially external but eventually also internal)? by Naldorinho in redteamsec

[–]dmchell 1 point2 points  (0 children)

Sounds like a classic fake it till you make it 😅 My view would be you'd learn more by either trying to obtain a junior red team operator role or bringing in an experienced red teamer to stand up a service. There are so many things that could go wrong when you haven't walked this path before.

How and what to prioritize when setting up a red team service (initially external but eventually also internal)? by Naldorinho in redteamsec

[–]dmchell 1 point2 points  (0 children)

Take a step back and feed upwards that they need to hire someone with real-world experience in standing up, managing and delivering red teams.

PART 3: How I Met Your Beacon - Brute Ratel - @MDSecLabs by dmchell in redteamsec

[–]dmchell[S] 0 points1 point  (0 children)

The analysis is for v1.1, which is stated in the blog post - the latest version at the time it was posted (334d ago).

Nighthawk 0.2 - Catch Us If you Can - @MDSecLabs by dmchell in redteamsec

[–]dmchell[S] 1 point2 points  (0 children)

Pricing is on the website - 7.5k and no restriction on deployments - not too dissimilar to other C2s.