top of page
Search

Red Team Learning Journey: Foundations and First Challenges

  • viviangoshashy0
  • Sep 6
  • 3 min read

As I continue my path in building a Red Team home lab, I want to share not only the concepts I’m learning but also the practical roadblocks I’ve hit along the way. Cybersecurity is as much about theory as it is about problem-solving when things don’t go as planned. This post covers some key objectives I’ve studied so far, along with my first attempts at building my lab environment.


ree


🔹 The 3 Teams in Cybersecurity

One of the first lessons I reviewed is the different teams that exist in cybersecurity operations:

  • Red Team (Offensive) – Focused on simulating attacks, identifying vulnerabilities, and testing defenses.

  • Blue Team (Defensive) – Dedicated to monitoring, defending, and responding to attacks.

  • Purple Team – A hybrid, working as a bridge between Red and Blue to improve overall security.


Understanding these perspectives is important because in this series, I’ll primarily focus on the Red Team mindset while keeping in mind how defenders view the same scenarios.


🔹 Penetration Testing Process

A structured approach is essential for Red Team and penetration testing work. Key steps include:

  • Penetration Testing Methodology – A framework for planning, executing, and reporting attacks.

  • Metrics & Why They Are Important – Metrics normalize data so security improvements can be measured over time.

  • Routine Assessments – Security testing should not be a one-time event:

    • Yearly assessments

    • Quarterly assessments

    • Monthly assessments

    • Constant assessments (for high-risk environments)

  • Building an Assessment Plan & Budget – Testing requires not just technical skill but also planning for costs, people, and time.

  • Specialties – Areas of focus may include network penetration testing, web application testing, or social engineering.

  • The CIA Triad – A guiding principle in cybersecurity:

    • Confidentiality → Access control, authorization

    • Integrity → Hashing and encryption to protect data

    • Availability → Ensuring services remain accessible


🔹 The Windows Operating System (First Lab Attempt)

To practice Red Team techniques, I needed a controlled lab. I began by installing VirtualBox and preparing a Windows Server 2016 ISO as the foundation.


Attempt 1: Apple Silicon Roadblock

At first, I tried this on my Apple Silicon (M1/M2) MacBook. I quickly ran into a limitation: when creating a new virtual machine, the only operating system option available was Windows 11 on ARM (64-bit).


The problem: VirtualBox on Apple Silicon only supports ARM-based operating systems, such as Windows 11 ARM and Linux ARM. Unfortunately, Windows Server 2016 is x86-only and won’t run.


At this point, I had two options:

  • Use UTM or Parallels Desktop to emulate x86 servers on Apple Silicon.

  • Switch to a Windows computer to follow the tutorials more directly.


I decided to move to a Windows laptop, which gave me a deeper understanding of how hardware architecture (x86 vs ARM) impacts virtualization.


Attempt 2: Installing VirtualBox on Windows

Once on my Windows machine, I faced another problem. When trying to install VirtualBox 7.2.0, I got this error message:

“Oracle VirtualBox 7.2.0 needs the Microsoft Visual C++ 2019 redistributable package being installed first. Please install and restart the installation of Oracle VirtualBox 7.2.0.”

To solve this:

  1. I downloaded the Microsoft Visual C++ 2015–2022 Redistributable (both x64 and x86).

  2. Installed them and restarted my computer.

  3. After that, the VirtualBox installation completed successfully.


This issue taught me that virtualization software often depends on system libraries like Visual C++, which need to be installed separately.


🔹 Lessons Learned So Far

  • Cybersecurity isn’t just about running tools — it’s about troubleshooting and understanding the environment.

  • ARM vs x86 architecture matters when working with virtual machines.

  • Errors are not setbacks but opportunities to dig deeper and build practical problem-solving skills.


🔹 What’s Next

With VirtualBox now installed on my Windows laptop, the next step is to successfully install Windows Server 2016 as the base machine in my Red Team lab. From there, I’ll begin adding client machines, configuring networks, and exploring attack scenarios.


This is just the beginning of my Red Team Learning Journey, and I’ll continue to document each challenge and breakthrough as I go.

 
 
 

Recent Posts

See All

Comments

  • LinkedIn
  • GitHub

©2025 Vivian J. Goshashy. Proudly created with Wix.com

bottom of page