For some people Red Teaming seems to be something like the holy grail and many people want to do it. In my opinion a Red Teamer should have experience in Penetration Testing before starting. Some experience in DFIR might also be useful, or at least you should have some understanding of this topic.
For me (I am planning and leading internal Red Team engagements since about two years now), Red Teaming is very different from pentesting, although experience here is important.
“Penetration testers have this problem where they frequently can’t see past the end of their Kali USB. They establish the false equivalence of: “China hacked $X; I can hack $X; therefore, I am an APT and an APT is like me.” An APT is literally the instantiation of a nation state’s will. It is not a toolchain.”
This sums up my experience. Some pentesters think: OK, let’s just use bloodhound, mimikatz and empire and and start firing, when I am domain admin it is red teaming. Well, maybe kind of.
But do real attackers think that way? Think more about WHY a malicious actor is trying to hack you, and then how. What are attackers looking for? That might define the scope of your engagement. You should read threat intel and incident reports for being up to date regarding TTPs and scope. When doing Red Teaming you should start thinking more into this direction.
I also tend to go through single scenarios, and not only full blown attack simulations, like:
• Account compromisation
• Exfiltration if possible
• APT traffic simulation for testing and enhancing capabilities of the blue team
• Water Holing
• Malware Simulation
This is also a good starting point for enhancing a penetration tester career, since usually you are not able to start with full blown Red Team engagments.
I can recommend “The Hacker Playbook” series, review for the third issue here. Further the book “Advanced Penetration Testing” is a good read.