• PlexSheep@feddit.de
      link
      fedilink
      English
      arrow-up
      13
      ·
      9 months ago

      That’s inaccurate. Red Team is the guys that test your security from an attacker view point. Red Teams are often contractors hired by companies. The companies are the ones paying to be “hacked”, so they can fix whatever gaping security holes the red Team finds.

      At least, that’s usually the definition. If just talking about AI stuff, I’d call those people testers.

      • Lightdm@feddit.de
        link
        fedilink
        English
        arrow-up
        3
        ·
        9 months ago

        I always thought that people hired to pen test are white hat hackers? What is the difference to red team?

        • PlexSheep@feddit.de
          link
          fedilink
          English
          arrow-up
          4
          ·
          9 months ago

          People in red Teams are white hats. The terms describe different things. The “color wheel” is operational and thinks in the context of an organization. Red Team tries to attack our stuff, blue team tries to defend our stuff, yellow team builds our stuff etc.

          White hat is just a term for ethical hackers, black hat is a term for criminals. Grey hat means someone in-between (think political hacker defacing website of organization they don’t like), there is also some more but the shades of grey are most important.

        • theherk@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          While white hats are sometimes paid, it is generally in bounties. It just means being adversarial without trying to be unethical. So, find the hole but tell the person that made it rather than the crooks that will exploit it.

          A red team on the other hand is a known value. They are the bad guys in a simulation. The military exercises similarly or any organization that wants to test defenses. Red team == the make believe bad guys.