Red Team Mindset

RED TEAM MINDSET Uri Fridman – uri@digitalopsgroup.com

Transcript of Red Team Mindset

Page 1: Red Team Mindset

8/13/2019 Red Team Mindset

http://slidepdf.com/reader/full/red-team-mindset 1/35

RED TEAM MINDSET 

Uri Fridman – uri@digitalopsgroup.com

Page 2: Red Team Mindset


TODAY 

ATTACKERS BYPASS THE MOST PARANOID SECURITY MEASURES.

Information is being extracted.

In most cases attackers leave without the target ever knowing they were there.

Page 3: Red Team Mindset

RED TEAMS 

A red team is a group of highly skilled people that continuously challenge the plans, defensive measures and security concepts.

These exercises result in a better understanding of possible adversaries and help to improve countermeasures against them and future threats.

Page 4: Red Team Mindset

A RED TEAM views a problem from an ADVERSARY or attacker’s PERSPECTIVE

Page 5: Red Team Mindset

 

“There is no such thing as perfect security. Attackers get smarter and change tactics all of the time.”

Page 6: Red Team Mindset

ADAPTABILITY 

Page 7: Red Team Mindset

THE MINDSET OF AN ATTACKER 

ADVERSARIES DON’T PLAY BY THE SAME RULES; IN FACT THEY DON’T HAVE RULES AT ALL. THEY ADAPT.

In the scary cases, the attacker is a focused adversary who is looking to steal sensitive data or maintain a strategic foothold.

Page 8: Red Team Mindset

 

“Red Teaming Law #11: The superior red teamer discerns webs of perception, intent, and effect; others just see a cigar. Of course, ‘sometimes a cigar is just a cigar’ (or is it?)”

RED TEAM JOURNAL LAWS (http://redteamjournal.com/red-teaming-laws/) 

Page 9: Red Team Mindset

SITUATIONAL AWARENESS

Page 10: Red Team Mindset

LOOKING AT THE PROBLEM FROM THE ATTACKER’S SIDE

SOMETIMES ALL IT TAKES IS A LOW-TECH APPROACH TO DEFEAT A HI-TECH PROBLEM.

Adversaries can exploit any and all known attack vectors. They will also create new ones. Attackers are very creative.

Page 11: Red Team Mindset

WHAT IS THE REAL WEAK LINK?

Page 12: Red Team Mindset

SOCIAL ENGINEERING

Page 13: Red Team Mindset

“Amateurs hack systems, professionals hack people.”

BRUCE SCHNEIER 

Page 14: Red Team Mindset

THINKING  

Just thinking like a security-conscious person won’t do. We need LINEAR THINKING combined with LATERAL THINKING and RIDICULOUS THINKING.

Page 15: Red Team Mindset

Having an understanding of who the adversary is and how it might exploit the security holes will make the organization better.

Reactive security is not the ideal security posture; instead be proactive, try to go 2 or 3 moves ahead of the adversary. Place detection and deception measures. Make a future attack harder.

Page 16: Red Team Mindset

SOFTWARE VULNERABILITIES

Page 17: Red Team Mindset

PLEASE NOTE 

PATCHED ≠ SECURE

Page 18: Red Team Mindset

DESIGN VULNERABILITIES

Page 19: Red Team Mindset

A word about “OPSEC” & “OSINT”

Page 20: Red Team Mindset

OPSEC & OSINT 

When people brag, OPSEC goes out the window. OSINT is your friend. Spend time developing good OSINT prior to, during and after an operation.

FOLLOW THE OPSEC RULES FOR YOUR TEAM (SEE NEXT SLIDE)

Page 21: Red Team Mindset

OPSEC RULES 

1- Never reveal your operational details
2- Never reveal your plans
3- Never trust anyone
4- Never confuse recreation with work
5- Never operate from your own safe house / HQ
6- Be proactively paranoid, it doesn't work retroactively
7- Keep your personal life and work separated
8- Keep your personal environment free of work related stuff
9- Don't give anyone power over you
10- ALWAYS VERIFY!

Page 22: Red Team Mindset

THE PROBLEM WITH LACK OF OPSEC: 

ROBIN SAGE 

Page 23: Red Team Mindset

THE MOST IMPORTANT CONTROL IS…

Wait for it… 

Page 24: Red Team Mindset

US

Page 25: Red Team Mindset

INTELLIGENCE-DRIVEN SECURITY IS THE NEW BLACK

Page 26: Red Team Mindset

INTELLIGENCE-DRIVEN ATTACKS, THEN, ARE THE NEW WHITE

Page 27: Red Team Mindset

“Develop the situation. Don't let the situation develop itself.”

PETE BLABER: THE MISSION, THE MEN AND ME 

Page 28: Red Team Mindset


LEARN FROM ATTACKS THAT DIDN’T WORK

Page 29: Red Team Mindset

DIGITAL SITUATIONAL AWARENESS

Identify patterns that link individuals to systems to networks to the full target.

BLEND IN.

Create false trails. Develop a noisy attack and let the target follow it. Have a secondary stealthy one ready to perform the attack.

Page 30: Red Team Mindset


UNDERSTANDING HOW THE ATTACKERS THINK IS KEY

Page 31: Red Team Mindset


“7 P’s: Proper Planning and Preparation Prevents Piss Poor Performance.”

Page 32: Red Team Mindset

DRY RUNS 

Perform dry runs. Build a simulated environment as close to the target’s as possible.

Dry runs will show you in most cases what could work and what might not. Have contingencies for everything.

Page 33: Red Team Mindset

Remember PACE: Primary, Alternate, Contingency, and Emergency.

Page 34: Red Team Mindset

Page 35: Red Team Mindset

THANK YOU CONTACT: [email protected] 
