Black White and Gray Hats and The Cyber-security | Free Antivirus Software

In connection with penetration testing (also known as ethical hacking) one hears again and again of differently colored teams. White hats and black hats are also often mentioned in this context. But what do these colors and terms mean, and what do they have to do with IT security? In this post, I would like to introduce the different colors that are used in the world of cybersecurity and how they relate to each other.

With increasing digitization, large-scale attacks using malware such as Emotet, and targeted hacking attacks on government institutions, the topic of IT security is now reaching more and more people. It is an area that has so far hardly been noticed by the public, although it has always been important. With this attention now present, many private users and companies are increasingly finding out what they can do better to avoid such attacks, how they can protect themselves effectively, and what they can do in the event of an attack.

Most people encounter the world of IT security for the first time and are simply flooded with information that is new to them. If you search for topics using a search engine or ask the security specialists around you, you are often bombarded with terms such as penetration testing, incident response, social engineering or damage control. At first glance, these seem to be buzzwords that only concern those weird IT nerds. Fortunately, however, a simple, visual system has been established in "InfoSec" (another new term) that allows the tasks to be assigned simply and clearly and provides a rough overview.

Attack and Defense - the Origin of Red and Blue Teams

Originally, a distinction was made between the attackers and the defenders. As is common outside of IT, for example in the military or other security forces, a distinction is made using the two colors red (for attackers) and blue (for defenders). This subdivision is still the most common today and enables a simple and rough assignment. As is often the case in the digital world, these terms are mostly used in their English form (Anglicism).

In addition, however, a distinction is made not only between the tasks (attack / defense / development), but also between the intentions of the people who carry out these activities. Here one distinguishes between white hats, gray hats and black hats.


Hats

Being a hacker is not automatically bad. Even if we associate this term with the evil, hooded criminals from the films, one always differentiates between the intentions of a hacker. To be a hacker simply means that you have a keen interest in understanding how various systems or infrastructures work and how you can manipulate them. How you use this knowledge is a moral question.

If we think of the classic cybercriminal as we know him from the films (black hoodie, lives in the basement), then we speak of a so-called black hat. The black hat symbolizes the intention to cause harm. But where there is shadow, there is also light: the white hat symbolizes good intentions. White hats are hackers who only use their skills for "morally correct" purposes, for example by working to uncover and report security vulnerabilities.

However, since the world is not just black and white, there is a third category: the so-called gray hats. The gray hat symbolizes a mixture of white and black, people who use their abilities for good as well as bad intentions. There can be many different reasons for this. For example, someone could sell their skills to the highest bidder. Unfortunately, the categorization is often not that easy. Since this is a moral question, it can often be interpreted in different philosophical terms. It can also happen that the legislature has a different opinion here than subjective morality. Anyone who hacks a system out of goodwill in order to report a vulnerability they found is liable to prosecution if there was no prior agreement. Before the law he is a black hat, even if he actually did it out of goodwill.


The Primary Colors

1) Red: The Attackers

Tasks such as penetration testing, social engineering or any other form of attack fall into the area of the red teams. However, it is important that these are clearly defined, approved and agreed attacks. In terms of technology, the Red Team works and acts like real criminals. However, these skills are used to improve the systems being tested - i.e. white hats. The goal is not to cause damage, but to uncover weak points through simulated attacks and, in cooperation with the other teams, to close them before actual black hats can exploit them. This is also referred to as "ethical hacking". Even if the intentions are always good, it is not uncommon for former black hats to be employed in these teams.

2) Blue: The Defenders

Everything that concerns the hardening, protection and analysis of systems takes place in the blue teams. Here you will find trained specialists who set up, configure and maintain technical measures to protect the infrastructure. Among other things, this includes the operation of firewalls, the evaluation of log files and the analysis of malware. The technical measures (hardware / software) vary depending on the target system to be protected and may even be individually tailored.

3) Yellow: The Developers

Unfortunately, the classic distinction between Red and Blue Team does not meet the requirements of reality. Another very essential element of security has been neglected for years. In 2017, April C. Wright brought the developers into the model at the hacker conference "BlackHat" (an analogy to the evil black hats, but in this case the name of the event). Many programmers have little or no contact with IT security issues. There are multiple reasons for that. It is important to involve the software developers in these questions, because many of the known vulnerabilities are due to incorrect programming and can be avoided very easily. Developers are also those who make the Blue Team's tools available (e.g. logging).


You Can only Be Successful if You Work Together

The Red Team tries to bypass the Blue Team's security mechanisms and outsmart the Yellow Team's software. The Blue Team tries, partly with the help of the Yellow Team, to prevent the Red Team from doing so. So blue / yellow versus red? No! Reasonable cooperation is necessary to improve security successfully. Even if these teams have different tasks, they all help each other. The best analogy for this is arguably rival siblings.

This overarching work can now be wonderfully represented by the secondary colors:

Purple Teaming

The Red Team gives feedback to the Blue Team, because only those who understand how an attacker acts - true to the motto "know your enemy" - can protect themselves against it. The Blue Team, in turn, presents its work to the Red Team, which then uses the mentality of an attacker to identify possible weak points and gives these back again as feedback.

Orange Teaming

Members of the Red Team work together with the Yellow Team. The aim is to help the developers by explaining to them how to program software more securely. Not by just providing a report with the vulnerabilities found, but also by explaining how the attack works. This ensures that the developers will take a completely different perspective when coping with their often very complex tasks in the future. As a result, it can also happen that further, previously unknown vulnerabilities are uncovered by applying their new understanding to the rest of their work. Nobody knows a system better than the person who developed it.

Green Teaming

The Blue Team uses the software provided by the Yellow Team in practice. During use it is noticed that some functions are missing, would be helpful or do not work optimally. The daily work and experience is passed on from the Blue Team to the Yellow Team, which can then make adjustments and thus ensure optimal operation.

Is There More?

The primary colors are arguably the most commonly used, not only in terms of language, but also in the actual work, whereas the secondary colors are used less often. Occasionally, however, you will find other, less common and more vaguely defined colors. Every now and then you read about a so-called white team. The white team symbolizes the management, which looks after the organization and the interaction of the individual teams, but in contrast to the primary colors moves in a non-technical area. Just pure management.

Occasionally you read about a notorious Black Team. The black team sits in the middle of all colors and should therefore be able to do everything. However, these other categorizations are often somewhat controversial and can sometimes have slightly varying definitions, depending on which group or person in the InfoSec community is asked.