One of them jailbroke Nintendo handhelds in a former life. Another has more than one zero-day exploit to his name. A third signed on just prior to the devastating Shadow Brokers leak[1]. These are a few of the members of the Windows red team, a group of hackers inside Microsoft who spend their days finding holes in the world’s most popular operating system. Without them, you’d be toast.
Many companies have a red team, or several, and they generally share the same purpose—to play the role of an attacker, probing releases new and old for vulnerabilities, hoping to catch bugs before the bad guys do. Few of them, though, focus on a target as ubiquitous as Windows, an operating system that still boasts[2] nearly 90 percent market share for laptop and desktop computers worldwide. When Windows breaks, the whole world hears the shatter.
Putting It Together
The Windows red team didn’t exist four years ago. That’s around the time that David Weston, who currently leads the crew as principal security group manager for Windows, made his pitch for Microsoft to rethink how it handled the security of its marquee product.
“Most of our hardening of the Windows operating system in previous generations was: Wait for a big attack to happen, or wait for someone to tell us about a new technique, and then spend some time trying to fix that,” Weston says. “Obviously that’s not ideal when the stakes are very high.”
Weston wanted to go beyond Microsoft’s historical mode of using bug bounties and community relationships to formulate a defense. He was tired of the reactive crouch, of responding to known issues rather than discovering new ones. He wanted to play some offense.
Drawing inspiration from his experience with whitehat hackers