Show Menu

Red Teaming part I. Cheat Sheet (DRAFT) by

Terminology and Basics of Red Teaming (part I.) Based on OSINT

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Nº1 Objective when Red Teaming:

Meet the client's expect­ations.

Main Sources

Red Team Checklists

Campaign Planning

Engagement Plan
CONOPS, Resource and Personnel Requir­ements, Timelines
Operations Plan
Goes deeper into each Engagement Plan topic.
Execution time, Commands to run, Time Object­ives, Respon­sible Operator, etc.
Remedi­ation Plan
What to do after the engagement is done: reports, remend­iation consul­tation, etc...

Remedi­ation Plan

Optional plan that contains a summary of the engagement details and a report of findings,

States how the client can fix vulner­abi­lities. May be included in the final report.

Mission Plan includes:

Optional Command Playbooks which include the exact commands, and tools to run including when, why and how we use them. Usefull for bigger teams.

Execution Times that state when to start each engagement stage. Timestamps and may also include commands and tools.

Roles and Respon­sab­ilities of each red team cell

Operations Plan includes:

Inform­ation on employee requir­ements.

Stopping conditions: How and Why

Optional RoE

Technical Requir­ements Necessary knowledge

Engagement Plan includes:

CONOPS & Resource Plan (Timelines and required inform­ation to assure Red Team success)

e.g.: Personnel, hardware, software, cloud requir­ements, etc..

Standart RoE Structure (acc. to TryHackMe)

1. Executive Summary (Contents and Author­ization )

2. Purpose (of the RoE)

3. References -> ISO's, etc...

4. Scope -> Restri­ctions and Guidelines

5. Defini­tions -> Termin­ology

6. Rules of Engagement and Support Agreement

7. Provisions -> Adicional Info and Exceptions

8. Requir­ements, Restri­ctions, and Authority -> Red Cell's Expect­ations

9. Ground Rules -> Red Cell's limita­tions

10. Resolution of Issues­/Points of Contact

11. Author­ization - Signatures

12. Approval

13. Appendix


CONOPS Critical Compon­ents

Client Name;

Service Provider;


General Object­ive­s/P­hases;

Other Training Objectives (Exfil­tra­tion);

High-Level Tools/­Tec­hniques planned to be used;

Threat group to emulate (if any).


Rules of Engagement


A weakness in an asset or group of assets.
Can be exploited and harmed by one or more threats


Possible unwanted event.
When a threat turns into an actual event it may cause an unwanted incident.


Personal Identi­fic­ation Inform­ation


Tactics, Techniques and Procedures


Concept of Operations
How to target the client and meet his expect­ations.

White Card

A simulated event in an operat­ional test.

Used when a system is too fragile or operat­ionally critical for the advers­arial team to pursue an exploi­tation, or when the advers­arial team is unable to penetrate the system, but there is still a desire to evaluate the ability of the system to react to a penetr­ation.

Should be used only when necessary.