ARE YOU RED TEAM READY?

ARE YOU
RED TEAM READY?
Version: 1.2a
Date: 26/09/2018
Author: Sylvain Martinez
Reference: ESC12-MUSCL
Classification: Public
2
• Vulnerability
Assessment concept;
• Penetration testing
concept;
• Red team concept;
• Traditional cycle;
• Red team cycle;
• Red team realistic
simulation;
• Answering different
questions;
• Hacking scenario;
• Hacking milestones;
• Find targets;
• Get physical access;
• Compromise target;
• Exfiltrate secret;
• Do not get caught!;
• Assembling the team;
• Execution;
• To be careful of;
• To do as a priority;
CONTENTS
PUBLIC
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
• Future of red teams;
• Can you name those
devices?
• Answers
RED TEAM READY
VULNERABILITY ASSESSMENT CONCEPT
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
3RED TEAM READYPUBLIC
LARGE SCALE
AUTOMATED
CHEAP
REGULAR
Icons from the Noun Project unless specified otherwise
PRENETRATION TESTING CONCEPT
4RED TEAM READYPUBLIC
FOCUSED
SKILLED AND MORE MANUAL
COSTS MORE
ON DEMAND/LESS REGULAR
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
RED TEAM CONCEPT
5RED TEAM READYPUBLIC
SCENARIO BASED
HIGHLY SKILLED
EXPANSIVE
ON DEMAND/WHEN NEEDED
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
TRADITIONAL CYCLE
6RED TEAM READYPUBLIC
2. RECONNAISSANCE
1.PREPARATION
3. DISCOVERY
4. VALIDATION
5. ANALYSIS6. REPORTING
7. PRESENTATION
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
RED TEAM CYCLE
7RED TEAM READYPUBLIC
2. RECONNAISSANCE
1.PREPARATION
3. DISCOVERY
4d. EXFILTRATION
5. ANALYSIS6. REPORTING
7. PRESENTATION
4c. FOOTHOLD
4b. EXPLOITATION
4a. VALIDATION
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
RED TEAM REALISTIC SIMULATION
8RED TEAM READYPUBLIC
PHYSICAL / LOGICAL / SOCIAL
EMULATE HACKING TECHNICS
ESTABLISH PERSISTANCE
EXTRACT DATA
DEMONSTRATE
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
ANSWERING DIFFERENT QUESTIONS!
9RED TEAM READYPUBLIC
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
RED TEAM EXERCISE CAN MY CONTRACTS BE STOLEN?
DO WE HAVE VULNERABILITIES?VULNERABILITY ASSESSMENT
CAN MY WEBSITE BE HACKED?PENETRATION TESTING
HACKING SCENARIO
10RED TEAM READYPUBLIC
OBJECTIVES
• FINANCIAL CONTRACT GOT STOLEN 2 MONTHS AGO;
• NOW STORED IN SECURED SERVER IN SECURED ROOM;
• CAN THE CONTRACT BE STOLEN AGAIN?
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
INFORMATION GIVEN
• NAME OF THE CONTRACT;
• 3x INDIVIDUALS’ NAME RELEVANT TO THE CONTRACT;
• THE COUNTRY WHERE THE CONTRACT IS LOCATED.
HACKING MILESTONES
11RED TEAM READYPUBLIC
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
1. FIND TARGETS
2. GET PHYSICAL ACCESS
3. COMPROMISE ASSET
4. EXFILTRATE SECRET
5. DO NOT GET CAUGHT!
FIND TARGETS
12RED TEAM READYPUBLIC
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
GET PHYSICAL ACCESS
13RED TEAM READYPUBLIC
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
COMPROMISE TARGET
14RED TEAM READYPUBLIC
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
EXFILTRATE SECRET
15RED TEAM READYPUBLIC
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
DO NOT GET CAUGHT!
16RED TEAM READYPUBLIC
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
ASSEMBLING THE TEAM
17RED TEAM READYPUBLIC
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
EXECUTION
18RED TEAM READYPUBLIC
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
PROFESSIONALISM MANDATE
TO BE CAREFUL OF
19RED TEAM READYPUBLIC
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
RENAMING PEN TEST TO RED TEAM
KEEPING STAFF HAPPY
TRAINING
STAY SAFE AND DON’T BECOME A TROJAN HORSE
HOW REALISTIC CAN YOU BE
SCENARIOS TOO WIDE/AMBITIOUS
TO DO AS A PRIORITY
20RED TEAM READYPUBLIC
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
CLEAR MILESTONES
STAKEHOLDERS ENGAGEMENT
BE REALISTIC
PROVIDE COMPREHENSIVE THREAT VIEW
GET A TEAM WITH DIFFERENT SKILLS
FUTURE OF RED TEAMS
21RED TEAM READYPUBLIC
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
MORE DEMANDS
PURPLE TEAM
OFFENSIVE LEGITIMISATION
CAN YOU NAME THOSE DEVICES?
22RED TEAM READYPUBLIC
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
ANSWERS
23RED TEAM READYPUBLIC
NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
© 2018 ElysiumSecurity Ltd.
All Rights Reserved
www.elysiumsecurity.com
ABOUT ELYSIUMSECURITY LTD.
ELYSIUMSECURITY provides practical expertise to identify
vulnerabilities, assess their risks and impact, remediate those
risks, prepare and respond to incidents as well as raise security
awareness through an organization.
ELYSIUMSECURITY provides high level expertise gathered
through years of best practices experience in large
international companies allowing us to provide advice best
suited to your business operational model and priorities.
ELYSIUMSECURITY provides a portfolio of Strategic and Tactical
Services to help companies protect and respond against Cyber
Security Threats. We differentiate ourselves by offering
discreet, tailored and specialized engagements.
ELYSIUMSECURITY operates in Mauritius and in Europe,
a boutique style approach means we can easily adapt to your
business operational model and requirements to provide a
personalized service that fits your working environment.
1 of 24

More Related Content

More from Sylvain Martinez

OFFENSIVE IDSOFFENSIVE IDS
OFFENSIVE IDSSylvain Martinez
286 views17 slides
IOT SecurityIOT Security
IOT SecuritySylvain Martinez
888 views27 slides
The Art of CTFThe Art of CTF
The Art of CTFSylvain Martinez
223 views22 slides

More from Sylvain Martinez(19)

INCIDENT RESPONSE OVERVIEWINCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEW
Sylvain Martinez618 views
OFFENSIVE IDSOFFENSIVE IDS
OFFENSIVE IDS
Sylvain Martinez286 views
IOT SecurityIOT Security
IOT Security
Sylvain Martinez888 views
GDPR SECURITY ISSUESGDPR SECURITY ISSUES
GDPR SECURITY ISSUES
Sylvain Martinez180 views
Mobile Security AssessmentMobile Security Assessment
Mobile Security Assessment
Sylvain Martinez206 views
The Art of CTFThe Art of CTF
The Art of CTF
Sylvain Martinez223 views
OFFICE 365 SECURITYOFFICE 365 SECURITY
OFFICE 365 SECURITY
Sylvain Martinez457 views
Risk on Crypto CurrenciesRisk on Crypto Currencies
Risk on Crypto Currencies
Sylvain Martinez649 views
INTRODUCTION TO CYBER FORENSICSINTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICS
Sylvain Martinez1.1K views
Talk1 esc7 muscl-gdpr_debate_v1_2Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2
Sylvain Martinez195 views
Talk1 esc7 muscl-dataprotection_v1_2Talk1 esc7 muscl-dataprotection_v1_2
Talk1 esc7 muscl-dataprotection_v1_2
Sylvain Martinez183 views
Ethical HackingEthical Hacking
Ethical Hacking
Sylvain Martinez249 views
INCIDENT HANDLING IN ORGANISATIONSINCIDENT HANDLING IN ORGANISATIONS
INCIDENT HANDLING IN ORGANISATIONS
Sylvain Martinez157 views
SOCIAL MEDIA AS A CYBER WEAPONSOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPON
Sylvain Martinez278 views
Talk2 esc4 muscl-ids_v1_2Talk2 esc4 muscl-ids_v1_2
Talk2 esc4 muscl-ids_v1_2
Sylvain Martinez766 views
Talk2 esc2 muscl-wifi_v1_2bTalk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2b
Sylvain Martinez285 views
Talk1 muscl club_v1_2Talk1 muscl club_v1_2
Talk1 muscl club_v1_2
Sylvain Martinez140 views

Recently uploaded(20)

The Research Portal of Catalonia: Growing more (information) & more (services)The Research Portal of Catalonia: Growing more (information) & more (services)
The Research Portal of Catalonia: Growing more (information) & more (services)
CSUC - Consorci de Serveis Universitaris de Catalunya51 views
Green Leaf Consulting: Capabilities DeckGreen Leaf Consulting: Capabilities Deck
Green Leaf Consulting: Capabilities Deck
GreenLeafConsulting170 views
ThroughputThroughput
Throughput
Moisés Armani Ramírez28 views
CXL at OCPCXL at OCP
CXL at OCP
CXL Forum183 views
Web Dev - 1 PPT.pdfWeb Dev - 1 PPT.pdf
Web Dev - 1 PPT.pdf
gdsczhcet48 views

ARE YOU RED TEAM READY?

  • 1. ARE YOU RED TEAM READY? Version: 1.2a Date: 26/09/2018 Author: Sylvain Martinez Reference: ESC12-MUSCL Classification: Public
  • 2. 2 • Vulnerability Assessment concept; • Penetration testing concept; • Red team concept; • Traditional cycle; • Red team cycle; • Red team realistic simulation; • Answering different questions; • Hacking scenario; • Hacking milestones; • Find targets; • Get physical access; • Compromise target; • Exfiltrate secret; • Do not get caught!; • Assembling the team; • Execution; • To be careful of; • To do as a priority; CONTENTS PUBLIC NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT • Future of red teams; • Can you name those devices? • Answers RED TEAM READY
  • 3. VULNERABILITY ASSESSMENT CONCEPT NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT 3RED TEAM READYPUBLIC LARGE SCALE AUTOMATED CHEAP REGULAR Icons from the Noun Project unless specified otherwise
  • 4. PRENETRATION TESTING CONCEPT 4RED TEAM READYPUBLIC FOCUSED SKILLED AND MORE MANUAL COSTS MORE ON DEMAND/LESS REGULAR NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
  • 5. RED TEAM CONCEPT 5RED TEAM READYPUBLIC SCENARIO BASED HIGHLY SKILLED EXPANSIVE ON DEMAND/WHEN NEEDED NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
  • 6. TRADITIONAL CYCLE 6RED TEAM READYPUBLIC 2. RECONNAISSANCE 1.PREPARATION 3. DISCOVERY 4. VALIDATION 5. ANALYSIS6. REPORTING 7. PRESENTATION NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
  • 7. RED TEAM CYCLE 7RED TEAM READYPUBLIC 2. RECONNAISSANCE 1.PREPARATION 3. DISCOVERY 4d. EXFILTRATION 5. ANALYSIS6. REPORTING 7. PRESENTATION 4c. FOOTHOLD 4b. EXPLOITATION 4a. VALIDATION NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
  • 8. RED TEAM REALISTIC SIMULATION 8RED TEAM READYPUBLIC PHYSICAL / LOGICAL / SOCIAL EMULATE HACKING TECHNICS ESTABLISH PERSISTANCE EXTRACT DATA DEMONSTRATE NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
  • 9. ANSWERING DIFFERENT QUESTIONS! 9RED TEAM READYPUBLIC NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT RED TEAM EXERCISE CAN MY CONTRACTS BE STOLEN? DO WE HAVE VULNERABILITIES?VULNERABILITY ASSESSMENT CAN MY WEBSITE BE HACKED?PENETRATION TESTING
  • 10. HACKING SCENARIO 10RED TEAM READYPUBLIC OBJECTIVES • FINANCIAL CONTRACT GOT STOLEN 2 MONTHS AGO; • NOW STORED IN SECURED SERVER IN SECURED ROOM; • CAN THE CONTRACT BE STOLEN AGAIN? NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT INFORMATION GIVEN • NAME OF THE CONTRACT; • 3x INDIVIDUALS’ NAME RELEVANT TO THE CONTRACT; • THE COUNTRY WHERE THE CONTRACT IS LOCATED.
  • 11. HACKING MILESTONES 11RED TEAM READYPUBLIC NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT 1. FIND TARGETS 2. GET PHYSICAL ACCESS 3. COMPROMISE ASSET 4. EXFILTRATE SECRET 5. DO NOT GET CAUGHT!
  • 12. FIND TARGETS 12RED TEAM READYPUBLIC NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
  • 13. GET PHYSICAL ACCESS 13RED TEAM READYPUBLIC NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
  • 14. COMPROMISE TARGET 14RED TEAM READYPUBLIC NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
  • 15. EXFILTRATE SECRET 15RED TEAM READYPUBLIC NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
  • 16. DO NOT GET CAUGHT! 16RED TEAM READYPUBLIC NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
  • 17. ASSEMBLING THE TEAM 17RED TEAM READYPUBLIC NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
  • 18. EXECUTION 18RED TEAM READYPUBLIC NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT PROFESSIONALISM MANDATE
  • 19. TO BE CAREFUL OF 19RED TEAM READYPUBLIC NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT RENAMING PEN TEST TO RED TEAM KEEPING STAFF HAPPY TRAINING STAY SAFE AND DON’T BECOME A TROJAN HORSE HOW REALISTIC CAN YOU BE SCENARIOS TOO WIDE/AMBITIOUS
  • 20. TO DO AS A PRIORITY 20RED TEAM READYPUBLIC NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT CLEAR MILESTONES STAKEHOLDERS ENGAGEMENT BE REALISTIC PROVIDE COMPREHENSIVE THREAT VIEW GET A TEAM WITH DIFFERENT SKILLS
  • 21. FUTURE OF RED TEAMS 21RED TEAM READYPUBLIC NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT MORE DEMANDS PURPLE TEAM OFFENSIVE LEGITIMISATION
  • 22. CAN YOU NAME THOSE DEVICES? 22RED TEAM READYPUBLIC NEXTCHALLENGESCASE STUDYFRAMEWORKCONTEXT
  • 24. © 2018 ElysiumSecurity Ltd. All Rights Reserved www.elysiumsecurity.com ABOUT ELYSIUMSECURITY LTD. ELYSIUMSECURITY provides practical expertise to identify vulnerabilities, assess their risks and impact, remediate those risks, prepare and respond to incidents as well as raise security awareness through an organization. ELYSIUMSECURITY provides high level expertise gathered through years of best practices experience in large international companies allowing us to provide advice best suited to your business operational model and priorities. ELYSIUMSECURITY provides a portfolio of Strategic and Tactical Services to help companies protect and respond against Cyber Security Threats. We differentiate ourselves by offering discreet, tailored and specialized engagements. ELYSIUMSECURITY operates in Mauritius and in Europe, a boutique style approach means we can easily adapt to your business operational model and requirements to provide a personalized service that fits your working environment.