Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Red teaming probably isn't for you

4,416 views

Published on

Everyone is talking about or asking for red teaming. Most of them are getting it wrong. I talk about the history and definitions of red teaming, what you should be doing before you bother with red teaming and critical issues to watch out for when you do leverage it.

Published in: Internet

Red teaming probably isn't for you

  1. 1. • • • • • • • • • • • • •
  2. 2. ALL CONTENT, OPINIONS, ASSERTIONS, CLAIMS, EXHORTATIONS, DENIALS (OR ANYTHING ELSE I SAY OR WRITE) ARE MY OWN AND IN NO WAY REPRESENT THE VIEWS OF MY EMPLOYER (OR ANYONE BUT MYSELF)
  3. 3. • • • • • • TOBY00@GMAIL.COM • •
  4. 4. • • • • • • •
  5. 5. • • • • • 1. Red Team – Micah Zenko 2. https://redteamjournal.com/2016/04/the-roots-of-red-teaming-praemeditatio-malorum/
  6. 6. • • • • •
  7. 7. • • 1. https://redteamjournal.com/red-teaming-and-alternative-analysis/ 2. http://usacac.army.mil/sites/default/files/documents/ufmcs/The_Applied_Critical_Thi nking_Handbook_v7.0.pdf
  8. 8. • • • • • • •
  9. 9. • • • • • • • • • • • • • 1. https://medium.com/@thegrugq/cyber-ignore-the-penetration-testers-900e76a49500
  10. 10. 1. Red Teaming Law #7 (https://redteamjournal.com/red-teaming-laws/)
  11. 11. • • •
  12. 12. IT CAN’T BE THAT HARD TO DO ATTACK MODELING • • • • • • • • • • • • • •
  13. 13. YEAH BUT WE ARE ALREADY REALLY GOOD AT CRITICAL ANALYSIS! • • • • •
  14. 14. • •
  15. 15. • • • • • 1. https://www.itstactical.com/digicom/security/red-teaming-and-the-adversarial-mindset-have-a- plan-backup-plan-and-escape-plan/
  16. 16. • • • • • • 1. Fusion-X Expanded Cyber Kill Chain https://www.blackhat.com/docs/us-16/materials/us-16- Malone-Using-An-Expanded-Cyber-Kill-Chain-Model-To-Increase-Attack-Resiliency.pdf
  17. 17. • • • •
  18. 18. • • • • • • • • • • •
  19. 19. • • • • • • • • 1. https://medium.com/@thegrugq/cyber-ignore-the-penetration-testers-900e76a49500
  20. 20. 1. Rodney Faraon; Red Team (Micah Zenko)
  21. 21. • HTTPS://REDTEAMJOURNAL.COM/RED-TEAMING-LAWS/ • HTTPS://REDTEAMS.NET • • • • HTTP://SOURCESANDMETHODS.BLOGSPOT.COM/ • HTTP://SOURCESANDMETHODS.BLOGSPOT.COM/2017/02/FREE-GOOGLE-SPREADSHEET-ACH-TEMPLATE.HTML • • HTTP://USACAC.ARMY.MIL/SITES/DEFAULT/FILES/DOCUMENTS/UFMCS/THE_APPLIED_CRITICAL_THINKING_HANDBOOK_V7.0.PDF • • HTTP://FAS.ORG/IRP/DODDIR/DOD/JDN1_16.PDF • • HTTPS://WWW.BLACKHAT.COM/DOCS/US-16/MATERIALS/US-16-MALONE-USING-AN-EXPANDED-CYBER-KILL-CHAIN-MODEL-TO-INCREASE- ATTACK-RESILIENCY.PDF • • HTTPS://WWW.ITSTACTICAL.COM/DIGICOM/SECURITY/RED-TEAMING-AND-THE-ADVERSARIAL-MINDSET-HAVE-A-PLAN-BACKUP-PLAN-AND-ESCAPE- PLAN/

×