
ARE YOU RED TEAM READY?

A look at what makes a Red Team special compared with more traditional security services such as Vulnerability Assessment and Penetration Testing. A use case is also provided to illustrate the points made in the presentation.

Published in: Technology

  1. ARE YOU RED TEAM READY? Version: 1.2a; Date: 26/09/2018; Author: Sylvain Martinez; Reference: ESC12-MUSCL; Classification: Public
  2. CONTENTS: Vulnerability Assessment concept; Penetration testing concept; Red team concept; Traditional cycle; Red team cycle; Red team realistic simulation; Answering different questions; Hacking scenario; Hacking milestones; Find targets; Get physical access; Compromise target; Exfiltrate secret; Do not get caught!; Assembling the team; Execution; To be careful of; To do as a priority; Future of red teams; Can you name those devices?; Answers. (Slide footer: RED TEAM READY / PUBLIC. Section tabs: NEXT / CHALLENGES / CASE STUDY / FRAMEWORK / CONTEXT.)
  3. VULNERABILITY ASSESSMENT CONCEPT: LARGE SCALE; AUTOMATED; CHEAP; REGULAR. (Icons from the Noun Project unless specified otherwise.)
  4. PENETRATION TESTING CONCEPT: FOCUSED; SKILLED AND MORE MANUAL; COSTS MORE; ON DEMAND/LESS REGULAR.
  5. RED TEAM CONCEPT: SCENARIO BASED; HIGHLY SKILLED; EXPANSIVE; ON DEMAND/WHEN NEEDED.
  6. TRADITIONAL CYCLE: 1. PREPARATION; 2. RECONNAISSANCE; 3. DISCOVERY; 4. VALIDATION; 5. ANALYSIS; 6. REPORTING; 7. PRESENTATION.
  7. RED TEAM CYCLE: 1. PREPARATION; 2. RECONNAISSANCE; 3. DISCOVERY; 4a. VALIDATION; 4b. EXPLOITATION; 4c. FOOTHOLD; 4d. EXFILTRATION; 5. ANALYSIS; 6. REPORTING; 7. PRESENTATION.
  8. RED TEAM REALISTIC SIMULATION: PHYSICAL / LOGICAL / SOCIAL; EMULATE HACKING TECHNIQUES; ESTABLISH PERSISTENCE; EXTRACT DATA DEMONSTRATE.
  9. ANSWERING DIFFERENT QUESTIONS! VULNERABILITY ASSESSMENT: DO WE HAVE VULNERABILITIES? PENETRATION TESTING: CAN MY WEBSITE BE HACKED? RED TEAM EXERCISE: CAN MY CONTRACTS BE STOLEN?
  10. HACKING SCENARIO. OBJECTIVES: • FINANCIAL CONTRACT GOT STOLEN 2 MONTHS AGO; • NOW STORED IN SECURED SERVER IN SECURED ROOM; • CAN THE CONTRACT BE STOLEN AGAIN? INFORMATION GIVEN: • NAME OF THE CONTRACT; • 3x INDIVIDUALS’ NAMES RELEVANT TO THE CONTRACT; • THE COUNTRY WHERE THE CONTRACT IS LOCATED.
  11. HACKING MILESTONES: 1. FIND TARGETS; 2. GET PHYSICAL ACCESS; 3. COMPROMISE ASSET; 4. EXFILTRATE SECRET; 5. DO NOT GET CAUGHT!
  12. FIND TARGETS
  13. GET PHYSICAL ACCESS
  14. COMPROMISE TARGET
  15. EXFILTRATE SECRET
  16. DO NOT GET CAUGHT!
  17. ASSEMBLING THE TEAM
  18. EXECUTION: PROFESSIONALISM MANDATE
  19. TO BE CAREFUL OF: RENAMING PEN TEST TO RED TEAM; KEEPING STAFF HAPPY; TRAINING; STAY SAFE AND DON’T BECOME A TROJAN HORSE; HOW REALISTIC CAN YOU BE; SCENARIOS TOO WIDE/AMBITIOUS.
  20. TO DO AS A PRIORITY: CLEAR MILESTONES; STAKEHOLDERS ENGAGEMENT; BE REALISTIC; PROVIDE COMPREHENSIVE THREAT VIEW; GET A TEAM WITH DIFFERENT SKILLS.
  21. FUTURE OF RED TEAMS: MORE DEMANDS; PURPLE TEAM; OFFENSIVE LEGITIMISATION.
  22. CAN YOU NAME THOSE DEVICES?
  23. ANSWERS
  24. © 2018 ElysiumSecurity Ltd. All Rights Reserved. www.elysiumsecurity.com. ABOUT ELYSIUMSECURITY LTD. ELYSIUMSECURITY provides practical expertise to identify vulnerabilities, assess their risks and impact, remediate those risks, prepare for and respond to incidents, and raise security awareness throughout an organization. ELYSIUMSECURITY provides high-level expertise gathered through years of best-practice experience in large international companies, allowing us to provide advice best suited to your business operational model and priorities. ELYSIUMSECURITY provides a portfolio of Strategic and Tactical Services to help companies protect against and respond to Cyber Security Threats. We differentiate ourselves by offering discreet, tailored and specialized engagements. ELYSIUMSECURITY operates in Mauritius and in Europe; a boutique-style approach means we can easily adapt to your business operational model and requirements to provide a personalized service that fits your working environment.
