this post was submitted on 16 Feb 2024
250 points (83.6% liked)

Technology

[–] [email protected] 3 points 8 months ago (2 children)

I always thought that people hired to pen test are white hat hackers? What is the difference to red team?

[–] [email protected] 4 points 8 months ago

People in red teams are white hats. The terms describe different things. The "color wheel" is operational and thinks in the context of an organization. Red team tries to attack our stuff, blue team tries to defend our stuff, yellow team builds our stuff, etc.

White hat is just a term for ethical hackers, black hat is a term for criminals. Grey hat means someone in between (think a political hacker defacing the website of an organization they don't like). There are also some more, but the shades of grey are most important.

[–] [email protected] 3 points 8 months ago

While white hats are sometimes paid, it is generally in bounties. It just means being adversarial without trying to be unethical. So, find the hole but tell the person that made it rather than the crooks that will exploit it.

A red team on the other hand is a known value. They are the bad guys in a simulation. The military exercises similarly or any organization that wants to test defenses. Red team == the make believe bad guys.