Red Team Operations Playbook

Red Team Operations Playbook

Complete operational guide for executing Red Team engagements:

• Planning Phase — Scoping templates, rules of engagement documents, communication plans, and emergency procedures. Includes legal review checklist and client authorization forms.
• Infrastructure Setup — Step-by-step guide for building attack infrastructure: redirectors, C2 servers, phishing platforms, payload hosting, and secure communication channels between team members.
• Initial Access — Playbooks for each initial access technique: spear-phishing, external service exploitation, supply chain compromise, physical access, and insider simulation scenarios.
• Post-Compromise — Standard operating procedures for credential harvesting, lateral movement, privilege escalation, and data discovery once initial foothold is established.
• Persistence and Exfiltration — Techniques catalog for maintaining access across reboots, network changes, and incident response actions. Data staging and exfiltration methods with size and bandwidth considerations.
• Reporting and Debrief — Report templates with executive summary, technical findings, attack narrative timeline, detection gap analysis, and prioritized remediation recommendations.