Meet the Black Team: The Specialists Behind Successful Security Breaches

This blog talks a lot about running physical engagements and audits, but today I want to talk about the team itself. Specifically, the members of your black team, how you can organize them and various roles they often play on the team.

I am a big fan of redundancy when it comes to engagements, never bring a single I-copy or flipper to a job site in case it decides thats the moment it’s going to die and similarly, if possible, never have a single teammate who the entire operation depends upon and cannot be replaced.

Therefore, whenever possible, get your entire team trained up on every skill set you can, and while there will always be those on your team who are excellent at various tasks like social engineering or safe cracking, make sure there are others who have at least a level of competency in those skills in case something happens to your expert.

Obviously not ever black team will have every teammate listed bellow, those listed should be considered to be, in my opinion, an ideal black team, and something i encourage anyone who is putting such a team together to bring onboard.

Now let’s discuss what I would consider to be the likely teammates who will make up your black team.

The Team Lead: The Captain at the Helm

At the heart of every black team is the Team Lead. As the most senior and experienced member, the Team Lead is responsible for making final decisions, resolving any issues that arise, and ensuring the overall success of the engagement.

This role requires a deep understanding of various aspects of penetration testing, as the Team Lead must be capable of stepping into any other teammate's role if necessary.

This versatility is crucial, especially if a team member becomes "burned" (compromised or otherwise unable to continue) during an engagement. There will be many engagements where a team lead will be required to jump into any number of roles onsite and they should be experienced enough to do so.

That said, it is not required, or even recommended, that the team lead be the best at everything, but instead know how to manage their team effectively.

The team lead should not only be experienced in pentesting but also in team management and conflict resolution. Physical pentests are stressful, require long hours and often have teammates disagreeing on the best approaches. It will be up to the team lead to navigate these issues in real time, while simultaneously not making his team feel as if they are being micro managed.

As team lead, it is also your job to ensure that your team is prepared well before any engagement. This means, you will need to find time and resources to ensure your team have the skills and experience to conduct a successful engagement.

As the most senior, I also recommend that you give ample time to assist your sales team, if you have one, as your experience and guidance will help them to actually get you pentests and audits.

As I have said in previous posts, the best way to train your team for pentests are physical security audits, do your best to secure them and go through them with your juniors to point out all the vulnerabilities you encounter, how to detect them, abuse them and resolves.

Specialists: The Experts