Red Teaming

What is Red Teaming?

Red Teaming is a security testing method that simulates a real-world attack on an organization’s systems and infrastructure. It is an important cybersecurity activity for organizations to use in order to identify weaknesses in their security posture and to harden their defenses against potential attacks. Red Teaming can help organizations to identify and fix vulnerabilities before they are exploited by attackers. Additionally, Red Teaming can help organizations to develop better incident response plans and to test their ability to detect and respond to attacks.

Articles

Concepts

• Why do we Red Team?

• A Simple Introduction to Red, Blue and Purple Teaming

• What is the right mindset for Red Teaming?

• Designing Threat Emulation Scenarios

• The importance of Freedom of Movement when running Red Team exercises

• How can CISOs make sense of Cyber Red Team results?

• The business case against Red Teaming

• Can Red Teaming exercises be automated?

• What is the OODA Loop and why is it relevant to Red Teaming?

• Introduction to Red Team Tools and Techniques

• Choosing a Command and Control Infrastructure

• Top reasons why Red Teamers should know how to write their own custom tools

• Using the Cyber Kill Chain and the MITRE Matrix for Red Team Operations

• What is the difference between Red Teaming, Penetration Testing and Vulnerability Assessments?

Techniques

When discussing “red team techniques”, we are referring to the various ways in which a security team can simulate a real-world attack on their systems in order to test their defenses. This can include everything from social engineering attacks (e.g. phishing) to more technical attacks (e.g. privilege escalation). One of the most important aspects of red teaming is that it allows organizations to see their systems from the perspective of an attacker.

• NTFS data stream manipulation

• Data Exfiltration with the Help of Linux Binaries

Tools

There are various tools that are used by red teams in order to assess and improve the security of an organization. Some of these tools include penetration testing, social engineering, and threat modeling. Red team tools can be used to identify vulnerabilities in an organization’s systems and to help create a plan to mitigate these vulnerabilities.

Poor Man’s Reverse Shells

A reverse shell is a type of shell in which the primary purpose is to enable remote access to a machine, typically for the purpose of executing commands on the machine. Unlike a standard shell, which is typically accessed by logging into the machine, a reverse shell is accessed by connecting to the machine from another machine.

• Perform Remote Code Execution with the Use of Reverse Shells

• Using Netcat as a Reverse Shell

Password Dumping

There are two main methods for obtaining passwords: password dumping and password cracking. Password dumping is the process of extracting passwords from a system that has already been compromised. This can be done manually, by an attacker who has physical access to the system, or remotely, by exploiting a vulnerability in the system. Once the passwords have been obtained, they can be cracked, which is the process of guessing the passwords using a computer program.

• Password Grabbing Dump and Crack SAM Hashes

Workflow

What is a workflow?

A workflow is a series of steps that are followed in order to complete an engagement. In penetration testing, a workflow is important in order to ensure that all steps are followed in order to complete the testing process. By following a workflow, penetration testers can ensure that they are thorough in their testing and that they do not miss any important steps.

The image below proposes a workflow you can use to learn Red Teaming:

Articles:

• Designing realistic cyber threat emulations

• Key metrics to measure the success of a Red Team Exercise