Commit b892f8f9 authored by Kristie Thomas's avatar Kristie Thomas 🌻

update links

parent dbbc4446
......@@ -273,7 +273,7 @@ Initiatives for this specialty include:
### Red Team
GitLab's internal [Red Team](/handbook/engineering/security/red-team) emulates adversary activity to better GitLab’s enterprise and product security. This includes activities such as:
GitLab's internal [Red Team](/handbook/engineering/security/operations/red-team) emulates adversary activity to better GitLab’s enterprise and product security. This includes activities such as:
- Performing exercises with SecOps to collaboratively and rapidly iterate on improving GitLab's security posture. These exercises will be referred to as purple team exercises merging blue (secops) and red teams together.
- Performing exercises to reflect simulated adversarial attempts to compromise organizational mission/business functions and provide a comprehensive assessment of the security state of information systems and organizations.
......
......@@ -17,7 +17,7 @@ Protect company property by identifying, preventing, detecting and responding to
The Security Operations Sub-department focuses on the operational aspect of security. Our Sub-department consists of experienced breakers, builders, and defenders from all walks of life and geographic locations. We are responsible for improving GitLab's security capabilities and metrics in the areas of:
* Realistic cyber attack scenarios against GitLab.com, company property, and employees - [Red Team](/handbook/engineering/security/red-team), [Issues Tracker](https://gitlab.com/gitlab-com/gl-security/security-operations/red-team)
* Realistic cyber attack scenarios against GitLab.com, company property, and employees - [Red Team](/handbook/engineering/security/operations/red-team), [Issues Tracker](https://gitlab.com/gitlab-com/gl-security/security-operations/red-team)
* Security anomaly/event detection and incident response - [SIRT - Security Incident Response Team](/handbook/engineering/security/sec-incident-response.html), [Issues Tracker](https://gitlab.com/gitlab-com/gl-security/security-operations/sirt)
* Abuse of GitLab.com - [Trust & Safety](/handbook/engineering/security/operations/abuse), [Issues Tracker](https://gitlab.com/gitlab-com/gl-security/security-operations/trust-and-safety)
......
......@@ -12,7 +12,7 @@ twitter_text: ".@GitLab introduces a new #opensource #infosec tool to help teams
postType: content marketing
---
We operate business at GitLab in a [“public by default”](/handbook/values/#public-by-default) mindset so other people can benefit from our transparent business practices. Defaulting to public sharing also means we store massive amounts of data in a public format by design. Much of what we do as a company takes the form of a GitLab issue and is open for the world to see, including those individuals with nefarious goals. Naturally, for a [Red Team](/handbook/engineering/security/red-team/), we’re curious about what all of this public information could do to aid someone intent on attacking GitLab. We started our investigation by identifying those secrets that are unintentionally shared across the assets we make public like issues, issue discussions, merge requests, merge request discussions, and snippets. There was no tooling available that accomplished what we set out to do, so we developed it ourselves and just released it: [Token-Hunter](https://gitlab.com/gitlab-com/gl-security/gl-redteam/token-hunter).
We operate business at GitLab in a [“public by default”](/handbook/values/#public-by-default) mindset so other people can benefit from our transparent business practices. Defaulting to public sharing also means we store massive amounts of data in a public format by design. Much of what we do as a company takes the form of a GitLab issue and is open for the world to see, including those individuals with nefarious goals. Naturally, for a [Red Team](/handbook/engineering/security/operations/red-team/), we’re curious about what all of this public information could do to aid someone intent on attacking GitLab. We started our investigation by identifying those secrets that are unintentionally shared across the assets we make public like issues, issue discussions, merge requests, merge request discussions, and snippets. There was no tooling available that accomplished what we set out to do, so we developed it ourselves and just released it: [Token-Hunter](https://gitlab.com/gitlab-com/gl-security/gl-redteam/token-hunter).
### Background
......
......@@ -13,7 +13,7 @@ postType: content marketing
# Update
_At GitLab we have an internal [Red Team](/handbook/engineering/security/red-team/) that dedicates time looking at the services and business partners we use to deliver GitLab products and services. As a [Google Cloud customer,](/blog/2018/06/25/moving-to-gcp/) we have an obvious interest in all the different ways that administrators can make devastating security related mistakes when configuring their environment. We also have a team goal of sharing our research and tooling when possible with the community. This blog post and our previous post, [Introducing Token Hunter, an open source tool for finding sensitive data in the vast, wide-open,](/blog/2019/12/20/introducing-token-hunter/) are our attempts to share our knowledge with the broader security community - for our mutual benefit._
_At GitLab we have an internal [Red Team](/handbook/engineering/security/operations/red-team/) that dedicates time looking at the services and business partners we use to deliver GitLab products and services. As a [Google Cloud customer,](/blog/2018/06/25/moving-to-gcp/) we have an obvious interest in all the different ways that administrators can make devastating security related mistakes when configuring their environment. We also have a team goal of sharing our research and tooling when possible with the community. This blog post and our previous post, [Introducing Token Hunter, an open source tool for finding sensitive data in the vast, wide-open,](/blog/2019/12/20/introducing-token-hunter/) are our attempts to share our knowledge with the broader security community - for our mutual benefit._
_This post does not outline any new vulnerabilities in Google Cloud Platform but outlines ways that an attacker who has already gained an unprivileged foothold on a cloud instance may perform reconnaissance, privilege escalation and eventually complete compromise of an environment._
......
......@@ -3,7 +3,7 @@ layout: job_family_page
title: "Red Team"
---
As members of GitLab's [Security Operations sub department](/handbook/engineering/security/operations/), the [Red Team](/handbook/engineering/security/red-team/) emulates real world adversary activities in order to better our enterprise and product security. This team requires thinking like an attacker while understanding the various levels of defensive technologies and their effectiveness. Creativity is key. Our Red Team develops in depth attack plans that focus on compromising GitLab, test existing defenses or assist in building new defenses based on real world attack data. The Red Team does not do penetration testing or vulnerability assessments, we conduct real world attack operations against live targets. To sum it up -- you need to be someone that is a true hacker at heart while understanding the various defensive techniques that make your job harder.
As members of GitLab's [Security Operations sub department](/handbook/engineering/security/operations/), the [Red Team](/handbook/engineering/security/operations/red-team/) emulates real world adversary activities in order to better our enterprise and product security. This team requires thinking like an attacker while understanding the various levels of defensive technologies and their effectiveness. Creativity is key. Our Red Team develops in depth attack plans that focus on compromising GitLab, test existing defenses or assist in building new defenses based on real world attack data. The Red Team does not do penetration testing or vulnerability assessments, we conduct real world attack operations against live targets. To sum it up -- you need to be someone that is a true hacker at heart while understanding the various defensive techniques that make your job harder.
## Responsibilities
* Understanding of GitLab’s products and how they work
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment