I think blue team work poses a greater number of challenges than red team work (there's just so much attack surface). However, I think writing a red team report is inherently harder than writing forensic reports. 1/
In a forensic report, a story already happened and you have to tell it. It takes practice and skill to do that well, but there is less of a creative element. The analyst's burden to elicit an emotional response is smaller. 2/
The events in the report themselves have evoked emotion... pain, sadness, etc. It's not as hard to get folks to take action because they've already felt these things. 3/
In a pen test report, some of the story already happened (what you did), but the real story is what could happen without action by someone. How actual criminals could take a similar path, resulting in breach/loss. 4/
So as a red teamer, you have to be a little extra creative in your writing. You are responsible for eliciting the emotional response. You have to make them feel things they haven't felt yet. 5/
You have to do all this while being a good steward of the reader's emotional well-being. That means telling a realistic story that isn't overly sensational and properly captures the true risk of certain vulnerabilities going unmitigated. That's not an easy task. 6/
Red team writing also tends to be a little more repetitive in some ways. So, you have to force yourself to find ways to tailor the story to the specific network/client. That's extra work, but necessary. A common example is writing about network segmentation. 7/
Some of y'all are probably grimacing right now because you write about network segmentation in nearly every report. Tempting to just copy and paste it all verbatim, right? Most do, but probably not gonna spur any action. 8/
Blue or red team writing... it's all hard because it's all persuasive writing. You want folks to do something. Most of that comes back to storytelling and emotion. 9/
When you write to evoke emotion, you tend to get a little dejected when it doesn't work. Let's say you write a report about some vulns, come back two years later, and they're all still present. Feels bad, right? 10/
This usually turns writing into an apathetic (or downright combative) task over time. It compels the writer to put less effort into their work than more. Red team writing finds itself in this state more often... decent writing isn't as frequently positively reinforced. 11/
That's to say, blue team writing can often be decent and still evoke change, whereas red team writing often has to be GREAT to achieve the same results. There are external factors in play here, of course. 12/
These opinions are based on my experiences writing many of both kinds of reports and thoughts shared by students in my writing class.

Overall, I think both types of writing are challenging. The difficulty gap is significant but can be overcome. 13/13
You can follow @chrissanders88.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.