Red Team Handbook rewrite

Why is this change being made?

The Red Team handbook page is a bit outdated and requires a bit of a refresh. See https://gitlab.com/gitlab-com/gl-security/security-operations/redteam/redteam-internal/red-team-operations/-/issues/1371+ for details.

Proposed structure:

• Red Team (main page)
  • Stealth operations (subpage)
  • Purple team operations (subpage)
  • Opportunistic attacks (subpage)
    • Club Red
  • Research (subpage, if needed)
  • How we operate (subpage)
    • General operations
    • How we measure success
      • metrics
    • rules of engagement (separate page maybe? like it is now)
    • Red Team maturity model

I wanted to capture that the current page has a bit too much "how" on it and visitors (who we don't work with often) might want to drill down into each part separately.

Author and Reviewer Checklist

Please verify the check list and ensure to tick them off before the MR is merged.

• Provided a concise title for this Merge Request (MR)
• Added a description to this MR explaining the reasons for the proposed change, per say why, not just what
  • Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added, and the content is SAFE
• Assign reviewers for this MR to the correct Directly Responsible Individual/s (DRI)
  • If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the Maintained by section on the page being edited
  • If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies
  • The when to get approval handbook section explains the workflow in more detail
• For transparency, share this MR with the audience that will be impacted.
  • Team: For changes that affect your direct team, share in your group Slack channel
  • Department: If the update affects your department, share the MR in your department Slack channel
  • Division: If the update affects your division, share the MR in your division Slack channel
  • Company: If the update affects all (or the majority of) GitLab team members, post an update in #whats-happening-at-gitlab linking to this MR
    • For high-priority company-wide announcements work with the internal communications team to post the update in #company-fyi and align on a plan to circulate in additional channels like the "While You Were Iterating" Newsletter

Commits

• Red Team Handbook rewrite

---

content/handbook/security/security-operations/red-team/_index.md

@@ -45,21 +45,21 @@ The Red Team is part of the Security Operations department. [See the GitLab orga
 
 Further details about Red Team roles can be found in the [job family description](/job-families/security/red-team).
 
-## Services we offer
+## Services We Offer
 
 In everything we do, we follow our [rules of engagement (RoE)](how-we-operate/rules-of-engagement).
 
 We do not perform penetration tests (vulnerability enumeration) or product vulnerability research (see [Security Research](../../product-security/security-research/)).
 
-### Stealth operations
+### Stealth Operations
 
 Our primary service. Stealth operations are typically 3-9 months in length and are focused on emulation of relevant threats to GitLab. We work closely with [Threat Intelligence](../threat-intelligence) to identify an adversary that might pose a security risk to GitLab. Using tools we've developed similar to those of the adversary, we carry out the attack on GitLab's systems. We use stealth, testing the defenses realistically and without introducing unnecessary risk. [Read more...](stealth-operations)
 
-### Opportunistic attacks
+### Opportunistic Attacks
 
 These are short (a few days), more spontaneous attacks against GitLab systems when a potential initial access vector comes to our attention. Depending on what we find, we can either raise an incident ourselves, or continue as attackers would until discovery. We're looking to formalise this to a framework for discovering initial access more efficiently and iteratively. [Read more...](opportunistic-attacks/)
 
-### Purple teaming
+### Purple Teaming
 
 Purple Team represents a collaborative exercise between the Red Team and Blue Team (our defensive teams, usually [SIRT](../sirt/) or [Signals Engineering](../signals-engineering)). These can be:
 
@@ -102,7 +102,7 @@ We also track results via metrics which are available internally, including MITR
 - [Red Team Development and Operations](https://redteam.guide/): An excellent book by Joe Vest and James Tubberville.
 - [MITRE ATT&CK: Getting Started](https://attack.mitre.org/resources/getting-started/): A collection of resources related to the ATT&CK framework, which is used as the foundation for much of our work.
 
-## Is This the Red Team?
+## Is This The Red Team?
 
 GitLab team members: See something potentially suspicious and want to check in with us? We won't answer this question. Read more about why in [_Is This the Red Team?_](how-we-operate/#is-this-the-red-team)