Red Team and Blue Team are the offensive and defensive sides of cybersecurity.
Red Team simulates real attackers, while Blue Team defends systems and detects attacks.
- Red Team: Exploitation, phishing, lateral movement
- Blue Team: Monitoring, detection, response, hardening
- Purple Team: Collaboration between Red and Blue
Example:
Red Team tries to break into a company network.
Blue Team detects unusual traffic and blocks the attack.
Exercise:
Simulate a Red Team login attack and design Blue Team alerts to detect it.
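One way to approach the Blue Team half of this exercise, as an added example that is not part of the original note: a small detector that reads sshd-style authentication log lines and raises an alert when one source address produces repeated login failures in a short window, escalating if that source then logs in successfully. The log format, the sample lines, and the threshold and window values are constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an sshd/auth.log style (not real log data).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
2024-03-01T10:00:03 sshd[101]: Failed password for root from 203.0.113.7 port 51002 ssh2
2024-03-01T10:00:04 sshd[101]: Failed password for alice from 203.0.113.7 port 51003 ssh2
2024-03-01T10:00:06 sshd[101]: Failed password for bob from 203.0.113.7 port 51004 ssh2
2024-03-01T10:00:08 sshd[101]: Failed password for carol from 203.0.113.7 port 51005 ssh2
2024-03-01T10:00:20 sshd[102]: Accepted password for bob from 203.0.113.7 port 51006 ssh2
2024-03-01T10:05:00 sshd[103]: Failed password for alice from 198.51.100.9 port 40000 ssh2
2024-03-01T10:05:30 sshd[104]: Accepted publickey for alice from 198.51.100.9 port 40001 ssh2
"""

# Matches both "Failed password for [invalid user] X from IP" and "Accepted <method> for X from IP".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_events(text):
    """Turn log lines into (timestamp, result, user, ip) tuples; unmatched lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]))
    return events

def detect_login_attack(text, threshold=5, window=timedelta(minutes=1)):
    """Alert when one source IP has >= threshold failures inside a sliding window.
    A later success from an already-flagged IP is escalated: the guessing may have worked."""
    alerts = []
    failures = defaultdict(list)   # ip -> [(timestamp, user), ...] within the window
    flagged = set()
    for ts, result, user, ip in parse_events(text):
        if result == "Failed":
            failures[ip] = [(t, u) for t, u in failures[ip] if ts - t <= window] + [(ts, user)]
            if len(failures[ip]) >= threshold and ip not in flagged:
                flagged.add(ip)
                distinct_users = len({u for _, u in failures[ip]})   # many users => spray pattern
                alerts.append(("BRUTE_FORCE", ip, len(failures[ip]), distinct_users))
        elif ip in flagged:
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", ip, user, 0))
    return alerts

if __name__ == "__main__":
    for alert in detect_login_attack(SAMPLE_LOG):
        print(alert)
```

The second alert type is the one worth paging on: a lone burst of failures is noise in many environments, but a success from the same source right after it is the signal a responder wants to see first.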