Red DevOps and Machine Learning Path
1. Red Teaming Basics
The best Red Teams will be nearly indistinguishable from standard application product teams: adopting formal development methods, using version control and releases, setting roadmaps, using CI/CD techniques, and writing tests. Most Red Teams do DevOps natively, if unknowingly. You'll find yourself writing code in numerous languages depending on the platforms and adversarial techniques you intend to use, and having to collaborate with others on that code. Critical to this is understanding the minimum viable product (MVP). Get it working, get it documented. If it becomes a go-to tool in the future, spend more cycles on it later.
Example: Your operators need a way to search a host for sensitive files. To support them, you write a Python script that lists all potential private keys and spreadsheets.
Skill Building: There's a vast array of methods for improving here, but there are also numerous books that focus on offensive use of programming languages, such as Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz.
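A minimal version of the file-search script from the example above, added here as an illustration and not taken from the original page; the same inventory lets a defender find key material left readable by other accounts. The extension lists, function names and sample files are assumptions, and the sample tree is constructed.

```python
import stat
import tempfile
from pathlib import Path

# Assumed extension and name lists; adjust for the hosts being searched.
SHEET_EXT = {".xls", ".xlsx", ".xlsm", ".ods", ".csv"}
KEY_EXT = {".pem", ".key", ".ppk", ".pfx", ".p12"}
KEY_NAMES = {"id_rsa", "id_dsa", "id_ecdsa", "id_ed25519"}
PEM_MARKER = b"PRIVATE KEY-----"  # tail of PEM and OpenSSH private key headers

def classify(path):
    """Return 'private_key', 'spreadsheet' or None for one file."""
    if path.suffix.lower() in SHEET_EXT:
        return "spreadsheet"
    try:
        with path.open("rb") as fh:
            head = fh.read(4096)  # key headers sit at the start of the file
    except OSError:
        head = b""  # unreadable: fall back to name-based checks
    named = path.suffix.lower() in KEY_EXT or path.name in KEY_NAMES
    return "private_key" if named or PEM_MARKER in head else None

def find_sensitive(root):
    """Walk root; return sorted (kind, relative path, group/other-readable)."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and not path.is_symlink() and (kind := classify(path)):
            loose = bool(path.stat().st_mode & (stat.S_IRGRP | stat.S_IROTH))
            hits.append((kind, path.relative_to(root).as_posix(), loose))
    return sorted(hits)

def demo():
    samples = {  # relative path -> (content, mode); all constructed
        "home/.ssh/id_ed25519": (b"-----BEGIN OPENSSH PRIVATE KEY-----\n", 0o600),
        "srv/backup.txt": (b"-----BEGIN RSA PRIVATE KEY-----\n", 0o644),
        "docs/payroll.xlsx": (b"constructed", 0o640),
        "docs/readme.txt": (b"nothing sensitive", 0o644),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (data, mode) in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
            target.chmod(mode)
        return find_sensitive(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Matching on the header bytes as well as the name catches keys that were renamed or copied into backups, which a name-only search misses.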
2. DevOps Red Teams
Infrastructure-as-code should be an aspiration for Red Teams, to limit the everyday tweaking and frustration of a small team having to manage an entire infrastructure by hand.
Example: Your reverse proxy should be configured to defend against nosy analysts, and this capability should be deployed automatically from a repository or container.
Skill Building: Try setting up a cloud-based network lab using free-tier AWS resources and the automation tools AWS offers, such as CloudFormation and OpsWorks. Review the Red Team Infrastructure Wiki by @bluscreenofjeff for processes optimized for Red Teams.
3. Machine Learning
- is a small course on exploiting and defending neural networks.
4. C2 Development
4. Infrastructure Engineering