@jaredhaight
Created January 22, 2021 19:45
A response to a DM on twitter asking about making the transition from pentesting to red teaming

I think there are a couple of fronts that make a good red teamer. The technical side of being an operator is less about knowing how to use tools (that’s easy to teach) and more about knowing how the technologies you’re attacking work. Having an understanding of how things work at a company gives you the context of how to attack and abuse it.

For example, the stronger your sysadmin skills, the better you’re going to be at moving through an enterprise. Stuff like knowing how group policies work, having a solid understanding of AD. It’s all about having that context so you know how to abuse it. Having a development background gives you the context of how to abuse CI/CD systems and such. Knowing how Kubernetes works, how cloud works, gives you context on how to maneuver around it. Honestly, I don’t think I’ve used a single exploit in red teaming (which probably means I’ve left stuff on the table and made life harder for myself lol), it’s all been about finding and abusing misconfigurations in environments.

I think in a true adversary simulation position, you can’t expect to know everything. It’s why it’s a red team: you need people with a variety of skills and knowledge to be successful. My advice is pick an area you’re interested in and go deep. You want to hack traditional enterprises? Learn how AD works, build a lab, deploy GPOs, push software out to computers. Go through BloodHound and learn how each attack works, build it in your lab, and then implement the mitigations/fixes. If you really want to be ahead of the curve, learn how modern Windows workplaces work (AzureAD, Intune, etc). Actually you should probably do that anyway :-D

I can speak with some authority on the enterprise stuff because that’s been the focus of my career for the past decade, but really, whatever you want to dig into, it comes down to building it, breaking it, and fixing it. It’s great to have a general awareness of other areas, but I wouldn’t stress about going too deep in them if it’s not for you.

The other thing that makes a good red teamer is being objective focused. Red teaming isn’t about owning the whole environment; you typically have some pretty specific objectives: get PII, edit source code, access financial data, etc. If you spend your time just owning the environment, you’re wasting time and you’re more likely to get caught. Remember that’s what makes a red team different from a pen test: pen tests find vulnerabilities, red teams test detection and response. If you’re after financial data, don’t bother with DA, target the accounts payable department. It’s a mindset thing, but to me it’s been one of the biggest things that makes a good red teamer.

As for proper training and such, Rasta’s RTO course looks really solid and I’ve heard good things. If you’re able to take FortyNorth’s Intrusion Operations course I’d jump at it; I’ve taken that one and can say it’s pretty amazing. I’d also strongly suggest picking up “Red Team Development and Operations” by Joe Vest, it provides a lot of great information around the red team mindset.

Alright I’ve got to stop typing, I’ve already written you a book lol. I hope it’s helpful!
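The "build it, break it, fix it" lab loop described above, worked through for one finding that BloodHound surfaces (a user account carrying an SPN, i.e. a Kerberoastable account), then closed out with the detection a blue team would want. This is an added example, not code from the gist's author or from BloodHound; the domain lab.local, the OU, the svc-report account and its password are assumptions for a throwaway lab. It is written for Windows PowerShell 5.1 with the RSAT ActiveDirectory module, run as a Domain Admin on a lab domain controller.

```powershell
# Added lab exercise (not from the original gist): one BloodHound-style finding,
# a Kerberoastable user account, taken through "build it, break it, fix it".
# Assumptions (all hypothetical): throwaway lab domain lab.local, an OU
# "OU=ServiceAccounts,DC=lab,DC=local", and a service account named svc-report.
Import-Module ActiveDirectory

$ou = 'OU=ServiceAccounts,DC=lab,DC=local'

# --- Build it: the misconfiguration a sysadmin creates by accident ------------
# A user account with an SPN lets any domain user request a service ticket for it;
# that ticket is encrypted with the account's password hash, so a weak password
# here is crackable offline. (Deliberately weak; lab only.)
New-ADUser -Name 'svc-report' -SamAccountName 'svc-report' -Path $ou `
    -AccountPassword (ConvertTo-SecureString 'Summer2021!' -AsPlainText -Force) `
    -Enabled $true -PasswordNeverExpires $true `
    -ServicePrincipalNames 'HTTP/reports.lab.local'

# --- Break it: the LDAP query BloodHound's collector effectively runs ---------
# Any authenticated domain user can run this. The extra properties show what makes
# an account worth an attacker's time: an old password, RC4 still accepted
# (msDS-SupportedEncryptionTypes unset), and adminCount=1 (privileged group member).
function Get-KerberoastableUsers {
    Get-ADUser -Filter 'ServicePrincipalName -like "*" -and SamAccountName -ne "krbtgt"' `
        -Properties ServicePrincipalName, PasswordLastSet, AdminCount, 'msDS-SupportedEncryptionTypes' |
    Select-Object SamAccountName, PasswordLastSet, AdminCount,
        @{ n = 'SPNs';     e = { $_.ServicePrincipalName -join ';' } },
        @{ n = 'EncTypes'; e = { $_.'msDS-SupportedEncryptionTypes' } }   # $null = RC4 allowed
}
Get-KerberoastableUsers | Format-Table -AutoSize
# Actually requesting and cracking the ticket is what Rubeus/Impacket do here; not shown.

# --- Fix it: remove what made the finding exploitable ------------------------
# 1. Long random password: the ticket is still requestable but no longer crackable.
$newPw = -join ((33..126) | Get-Random -Count 40 | ForEach-Object { [char]$_ })
Set-ADAccountPassword -Identity 'svc-report' -Reset `
    -NewPassword (ConvertTo-SecureString $newPw -AsPlainText -Force)
# 2. AES only: roasting tools ask for RC4 tickets because they crack far faster.
Set-ADUser -Identity 'svc-report' -KerberosEncryptionType AES128, AES256
# For a new service the better fix is a group managed service account (gMSA),
# whose 240-character password rotates automatically; left out to keep this short.

# --- Detect it: the half of the exercise the red team is really there to test --
# Turn on service ticket auditing on the DC, then look for RC4 (0x17) tickets,
# which an AES-only domain should almost never issue.
auditpol /set /subcategory:"Kerberos Service Ticket Operations" /success:enable

function Get-Rc4ServiceTickets {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4769 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($f in $x.Event.EventData.Data) { $d[$f.Name] = $f.'#text' }
        if ($d['TicketEncryptionType'] -eq '0x17') {
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Requester = $d['TargetUserName']   # who asked for the ticket
                Service   = $d['ServiceName']      # the SPN account targeted
                ClientIP  = $d['IpAddress']
            }
        }
    }
}
Get-Rc4ServiceTickets | Format-Table -AutoSize
```

Run the "build it" and "break it" sections first, request a ticket with your roasting tool of choice, then apply the fixes and request again: the ticket you get back should be AES and uncrackable, and Get-Rc4ServiceTickets should show your first request but not the second. That before/after pair is exactly the "learn how each attack works, build it, then implement the mitigations" loop the advice recommends.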
