• Lightdm@feddit.de
    link
    fedilink
    English
    arrow-up
    3
    ·
    9 months ago

    I always thought that people hired to pen test are white hat hackers? What is the difference to red team?

    • PlexSheep@feddit.de
      link
      fedilink
      English
      arrow-up
      4
      ·
      9 months ago

      People in red Teams are white hats. The terms describe different things. The “color wheel” is operational and thinks in the context of an organization. Red Team tries to attack our stuff, blue team tries to defend our stuff, yellow team builds our stuff etc.

      White hat is just a term for ethical hackers, black hat is a term for criminals. Grey hat means someone in-between (think political hacker defacing website of organization they don’t like), there is also some more but the shades of grey are most important.

    • theherk@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      While white hats are sometimes paid, it is generally in bounties. It just means being adversarial without trying to be unethical. So, find the hole but tell the person that made it rather than the crooks that will exploit it.

      A red team on the other hand is a known value. They are the bad guys in a simulation. The military exercises similarly or any organization that wants to test defenses. Red team == the make believe bad guys.