So there’s a lot of confusion out there about Penetration Testing and Red Teaming. I wanted to put together a list of resources for those familiar with infosec or penetration testing who want to get into red teaming or at least get a better understanding of the methodologies and techniques used by red teamers.

First, it’s important to note that Red Teaming is predominantly comprised of two things: alternative analysis and adversary simulation. Red teams do not attempt to find “all the vulnerabilities” and do not usually try to have a wide breadth of coverage. Instead, red teams seek to simulate an adversary with a particular objective, predominantly to act as a “sparring partner” for blue teams. Keep in mind, red teams are the only adversary that will debrief with the blue team so that blue team can figure out what they missed or could have done differently.

For more about the specific definition of Red Teaming, check out the presentation Red Teaming Probably Isn’t For You by fellow red teamer Toby Kohlenberg.

This is not intended to be a comprehensive list of everything you need to know, but more of a “differences course” for those with penetration testing or similar backgrounds to get an introduction to red teaming.

Concepts of Red Teaming

Penetration Testing vs Red Teaming

Technical Resources (Not Necessarily Red Team Specific)

Red Team Courses


This is by no means a comprehensive list, and if you have other suggestions, please let me know.