🖥️General Info

Red Team

The National Institute of Standards and Technology (NIST) defines a red team as “a group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture.”. Essentially the red team are the offence, the attackers, the people who are attempting to, legally, break into a network and obtain information, user credentials, etc. while also attempting to move as deep/high within the network as possible.

While doing so documenting how they did so to be able to help to blue team learn and spot their weaknesses or vulnerabilities so they may fix them so this does not happen from a real world malicious attacker.

Often known as a Penetration Tester, Ethical Hacker, and in some cases Vulnerability Manager, and more.

Often known as Penetration Tester, Ethical Hacker, and in some cases Vulnerability Management.

Blue Team

The National Institute of Standards and Technology (NIST) defines a blue team as “the group responsible for defending an enterprise’s use of information systems by maintaining its security posture against a group of mock attackers.”. The blue team are the defenders. They watch for the red team, as well as real world threats. They may be in Security Operations Center (SOC) or a Network Operation Center (NOC), watching Security information and event management (SIEM) logs and being alerts on specific events such as Brute Force attacks, suspicious logins for a user, potentially malicious files, and more.

There are many titles that are associated with blue team members.

Purple Team

Purple team is a mix of Red Team and Blue Team, and each persons opinion kind of varies on what they do. I believe an effective purple team is that they are a bridge between red and blue, to work closely together to maximize cyber capabilities through continuous feedback, and share knowledge and information.