Red Team Handbook rewrite
Why is this change being made?
The Red Team handbook page is a bit outdated and requires a bit of a refresh. See https://gitlab.com/gitlab-com/gl-security/security-operations/redteam/redteam-internal/red-team-operations/-/issues/1371+ for details.
Proposed structure:
- Red Team (main page)
- Stealth operations (subpage)
- Purple team operations (subpage)
- Opportunistic attacks (subpage)
- Club Red
- Research (subpage, if needed)
- How we operate (subpage)
- General operations
- How we measure success
- metrics
- rules of engagement (separate page maybe? like it is now)
- Red Team maturity model
I wanted to capture that the current page has a bit too much "how" on it and visitors (who we don't work with often) might want to drill down into each part separately.
Author and Reviewer Checklist
Please verify the check list and ensure to tick them off before the MR is merged.
-
Provided a concise title for this Merge Request (MR) -
Added a description to this MR explaining the reasons for the proposed change, per say why, not just what - Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added, and the content is SAFE
-
Assign reviewers for this MR to the correct Directly Responsible Individual/s (DRI) - If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the
Maintained bysection on the page being edited - If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies
- The when to get approval handbook section explains the workflow in more detail
- If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the
-
For transparency, share this MR with the audience that will be impacted. -
Team: For changes that affect your direct team, share in your group Slack channel -
Department: If the update affects your department, share the MR in your department Slack channel -
Division: If the update affects your division, share the MR in your division Slack channel -
Company: If the update affects all (or the majority of) GitLab team members, post an update in #whats-happening-at-gitlab linking to this MR - For high-priority company-wide announcements work with the internal communications team to post the update in #company-fyi and align on a plan to circulate in additional channels like the "While You Were Iterating" Newsletter
-
Commits
- Red Team Handbook rewrite
Merge request reports
Activity
added DepartmentRed Team HandbookContent labels
assigned to @cablett
added skip-path-check label
- Resolved by Chris Moberly
@cablett this merge request renames or deletes pages.
Please ensure that all links to these files are updated accordingly in the public and internal handbook. Optionally, add a redirect. - Last reply by Chris Moberly
Using combined codequality.json: markdownlint-cli2-codequality.json vale-codequality.json new_broken_links.json
One of the linters has reported errors and as a result the pipeline has failed. Once the pipeline completes, you'll find the code quality report above which can link you to where the error is in your code. Additionally, below you'll find a table of the errors. The table has links to the lint rules so you can find more information on how to fix the issue(s).
Rule File Line Error MD012 content/handbook/security/security-operations/red-team/how-we-operate/_index.md 107 Multiple consecutive blank lines [Expected: 1; Actual: 2] MD012 content/handbook/security/security-operations/red-team/stealth-operations.md 7 Multiple consecutive blank lines [Expected: 1; Actual: 2] MD012 content/handbook/security/security-operations/red-team/stealth-operations.md 8 Multiple consecutive blank lines [Expected: 1; Actual: 3] MD047 content/handbook/security/security-operations/red-team/stealth-operations.md 23 Files should end with a single newline character Broken link (HugoLinkCheck) content/handbook/security/security-operations/red-team/stealth-operations.md 19 Link destination "how-we-operation/rules-of-engagement#stealth-operations" does not exist Broken link (HugoLinkCheck) content/handbook/security/security-operations/red-team/stealth-operations.md 19 Link destination "how-we-operation/rules-of-engagement#stealth-operation-techniques" does not exist If you need more help please reach out on Slack in #mr-buddies.
Edited by ****Using combined codequality.json: markdownlint-cli2-codequality.json vale-codequality.json
One of the linters has reported errors and as a result the pipeline has failed. Once the pipeline completes, you'll find the code quality report above which can link you to where the error is in your code. Additionally, below you'll find a table of the errors. The table has links to the lint rules so you can find more information on how to fix the issue(s).
Rule File Line Error MD047 content/handbook/security/security-operations/red-team/_index.md 102 Files should end with a single newline character MD047 content/handbook/security/security-operations/red-team/opportunistic-attacks/_index.md 28 Files should end with a single newline character If you need more help please reach out on Slack in #mr-buddies.
Edited by ****Previous linting failures have been resolved. Resolving this thread!
Edited by ****
-
@cablett, I did a quick scan here.
These are optional and almost all focused on improving flow and wording.
added 1 commit
- 62ba562a - Consolidation and iteration on mission and vision
Previous linting failures have been resolved. Resolving this thread!
Edited by ****- Resolved by Chris Moberly
Wow, what a great iteration! This new format makes a lot of sense, and I like how there are now sections broken out so we can iterate and expand while still keeping things easy to consume.
I just did a big review myself, merged a bunch of suggestions, and did some iterations of my own.
I mostly left things pretty intact, with my biggest edits being:
- Vision: tried to keep the intent intact but made it a more aspirational statement
- Mission: Tried to make this a one-stop shop for describing what we do in a concise manner. Also deleted the intro paragraph completely, putting the best parts of it into the Mission so that can be the SSoT for these statements. Also moved away from specifically calling out "recommendations" - I think we are at a point where we will soon evolve to focus more on observations, and working with others to craft recommendations based on their more specific knowledge of the target processes/environments.
On those larger edits, I tried to retain the existing content as much as possible.
Some other things I did while editing:
- Removed some duplicated statements
- Removed some processes that are not happening today (like the vuln mgmt technique handover)
- Applied our preferred style of capitalization for "Red Team"
Edited by Chris Moberly - Last reply by Chris Moberly
reset approvals from @cmoberly by pushing to the branch
requested review from @cynthia
- Resolved by Cynthia "Arty" Ng
Hi @cynthia - this MR adds a redirect to layouts and requires codeowners approval there. Can you assist?
Thanks!
- Last reply by Cynthia "Arty" Ng
- Resolved by charlie ablett
Hi @marcel.amirault - thanks for all the great suggestions! I've accepted most/all of them. Are you able to remove your blocking request for changes?
I believe giving it an
/approveshould do the trick.Thanks!
Edited by Chris Moberly - Last reply by Chris Moberly
started a merge train
mentioned in commit 7e29c1a3
