A structured planning framework document that guides red team exercise preparation with emphasis on blue team development and learning outcomes. The document provides methodological guidance for red team planning by contrasting against approaches that prioritize blue team engagement and skill development. It focuses on avoiding punitive methodologies that could negatively impact team morale or organizational cohesion. The framework includes evaluation criteria to assess the thoroughness of red team planning for maximum blue team benefit. It identifies counterproductive motivations that should be avoided, including attempts to prove organizational vulnerabilities, demonstrate technical superiority, or conduct intimidating demonstrations. The document emphasizes stakeholder engagement and leadership sponsorship as critical components for successful exercise outcomes. It provides guidance on establishing proper follow-up mechanisms and maintaining momentum from exercise learnings. The planning approach specifically excludes vulnerability enumeration exercises and basic detection mechanism testing, instead favoring constructive engagement methods that promote collaborative learning and improvement.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A collection of Python scripts for password spraying attacks against Lync/S4B & OWA, featuring Atomizer, Vaporizer, Aerosol, and Spindrift tools.
Parrot Security OS is a comprehensive, secure, and customizable operating system for cybersecurity professionals, offering over 600+ tools and utilities for red and blue team operations.
SharpPrinter enables efficient discovery of network printers for security and management purposes.
SharpEDRChecker scans system components to detect security products and tools.
Explore the top million websites, ranked by referring subnets, and gain insights into online influence and popularity.
Advanced command and control tool for red teaming and adversary simulation with extensive features and evasion capabilities.
PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.
SauronEye helps in identifying files containing sensitive data such as passwords through targeted directory searches.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.