Painting a Company Red and Blue

"Say red team one more time. I dare you. I double dare you. The term red team has been recently more abused than cyber. And it's making us all hurt in ways we need dolls to point where the bad man touched us. Time to get back to business: In this talk we'll get down and dirty on how a company can actually see a benefit from red teaming. Beyond the red team having fun and bragging rights. Actual ROI. Dirty business speak...
We'll explore some recent examples of implementing red team engagements along with good ol' blue work, cutting the fat in the security practice of companies, and getting actionable work done."

Published in: Business
1 Comment
  • Great vision on what security needs. Business doesn't care about popping shells.

Transcript

  1. Painting a Company Red and Blue - Ian Amit, Director of Services
  2. Hi
  3-4. What is a Red Team?
  5-6. Red Team: electronic, social, physical
  7-8. Why?
  9-10. Red Team / Pentest / Vuln Scan
  11. Compliant you are. Matter it does not.
  12. There is security outside of IT
  13. What to look for in a team?
  14. Skills Matrix
             Electronic  Physical  Social
      Bob    5           9         1
      Joe    3           8         9
      Jenny  9           4         7
      *Neither Bob, Joe nor Jenny were hurt in making this slide
  15. First rule: Go for the jugular
      • What can take the business down?
      • Who is involved???
  16. vs.
  17. Second Rule Give it all you’ve got
  18. Second Rule Give it all you’ve got “You start as fast as you can go, and then slowly speed up” Krembo
  19. Let’s paint!
  20. Red Team
      • Simulate real intelligence gathering
      • Create key personnel profiles
      • Identify social weak points
      Blue Team
      • Identify and control public information
      • Train key personnel on personal safety
      • Work with HR on social issues
  21-22. The RAP Console is unauthenticated and displays information about the access point. Figure 1 shows a screenshot of the RAP Console home page.
      Figure 1: Unauthenticated RAP Console
      On the Diagnostics tab it is possible to view the conn_log, sapd_debug, dmseg, and rapper debug logs. The rapper debug log will log the PAP Username:
      [page header: Wireless Network Penetration Testing Services]
      setup_tunnel Initialized Timers IKE_init: completed after (0.0) (pid:16341) time:1999-12-31 16:37:53 seconds. Before getting PSK PSK:****** User:xiaobo1 Pass:******
      A more serious information disclosure is the “Generate & save support file” option available on the home page of the RAP Console. The support.tgz file contained 73 files, including the ikepsk, pappasswd, and papuser files, as shown in Figure 2.
  23. Red Team
      • Supply chain compromise
      • Piercing the perimeter paradigm
      • Access internal resources without controls
      Blue Team
      • IT is solid - go beyond the technology
      • Expand monitoring towards the “unknown”
      • Role based access controls on top of location/asset based.
  24. Red Team
      • Uncover new/undocumented assets
      • Leverage technical issues in devices that control environment
      • Combine environment control with social engineering
      Blue Team
      • Expand control base into additional aspects of business
      • Recruit stakeholders
      • Train and educate personnel from other business units, learn the details of their business
  25. Red Team
      • Access critical assets out of their element
      • Avoid triggering alarms on heavily guarded areas
      Blue Team
      • Scope secondary/tertiary locations for assets
      • Correlate alerts for same asset category
  26. Red Team
      • Access non-production equipment.
      • Implant backdoors for later use
      Blue Team
      • Involvement in security should be started in early phases of design and testing
      • Test-to-production should be scrutinized and no test setup should be relied on (same for default manufacturer settings)
  27. Red Team
      • Virtualized environments and out of band management for servers compromises
      • Completely bypass host security. Full access to bios level configuration, full KVM access remotely.
      Blue Team
      • Datacenter security - both physical, as well as internal and vendor support
      • Logging and auditing of all access to assets - including correlation of local and remote access with additional footprints (doors, VPNs)
  28. Blue Team Work
  29. Quick response: assess, involve, minimize damage, control environment, apply learning to process/people/technology
  30. Trigger Warning: Business Speak!
  31. • ROI • Buy-In • Identify Risks and Gaps • Processes • People • Technology • Reapply to Organization [Chart: Blue and Red, Q1-1]
  32. • ROI • Buy-In • Identify Risks and Gaps • Processes • People • Technology • Reapply to Organization [Chart: Blue and Red, Q3-2]
  33. Retest/Verify: You can’t just click “go” again… Retest/verify means reasserting that the core issue is addressed: create a new scenario that includes it!
  34-35. Deliver
  36. Deliver. Don’t sell
  37. Questions? Ian Amit @iiamit
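
Slide 27's blue-team item, correlating local and remote access with door and VPN footprints, worked through as an added example that is not part of the talk. The event layout, asset and door names, and both time windows are assumptions, and every record is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the talk); field layout is an assumption.
DOOR = [  # (time, user, door)
    ("2014-05-01 08:55", "bob", "hq-lobby"),
    ("2014-05-01 09:10", "bob", "dc-cage-2"),
    ("2014-05-01 09:00", "jenny", "hq-lobby"),
]
ACCESS = [  # (time, user, kind, asset, location)
    ("2014-05-01 09:15", "bob", "local", "kvm-07", "dc-cage-2"),
    ("2014-05-01 10:30", "bob", "vpn", "vpn-gw", None),
    ("2014-05-01 11:00", "joe", "local", "kvm-07", "dc-cage-2"),
    ("2014-05-01 22:40", "jenny", "vpn", "vpn-gw", None),
]
PRESENCE = timedelta(hours=8)   # assumed: a badge-in implies presence this long
ENTRY = timedelta(minutes=30)   # assumed: local access must follow a door badge


def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def correlate(door, access):
    """Return (time, user, asset, reason) for access lacking a matching footprint."""
    badges = [(ts(t), u, d) for t, u, d in door]
    findings = []
    for t, user, kind, asset, loc in access:
        when = ts(t)
        if kind == "local":
            # Console/KVM use should be preceded by a badge at that room's door.
            ok = any(u == user and d == loc and timedelta(0) <= when - b <= ENTRY
                     for b, u, d in badges)
            if not ok:
                findings.append((t, user, asset, "local access without door badge"))
        elif kind == "vpn":
            # A remote login while the same user is badged in on-site needs review.
            onsite = any(u == user and timedelta(0) <= when - b <= PRESENCE
                         for b, u, d in badges)
            if onsite:
                findings.append((t, user, asset, "vpn login while badged on-site"))
    return findings


if __name__ == "__main__":
    for finding in correlate(DOOR, ACCESS):
        print(*finding, sep=" | ")
```
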
