This document provides an overview of red teaming in the context of airport and aviation cyber security. It begins with examples of past cyber attacks on airports, then defines red teaming as simulating threats to help evaluate security preparedness. The document outlines the minimum skills needed for a red teamer and different engagement approaches. It presents an example red team attack scenario on an airport operations center and discusses takeaways from a red team assessment, such as improving visibility of attack surfaces and measuring security response effectiveness. The goal is to help organizations strengthen their defenses by thinking like attackers.
2. VANTAGEPOINT
def Saeid();
• Senior Security Consultant @ VP
• CREST / Offensive Security Certified (OSCP/E)
• Over 10 years in the industry
• Offsec, Red Teamer, Ring0 Fuzzer
• Passionate about security
I don’t like to get caught: specific focus on offensive and stealthy operations
3. VANTAGEPOINT
This presentation will cover
Quick History of Cyber Attacks on Airports
What is Red Teaming
Minimum skillset as a Red Teamer
Engagement Points
RT Attack Overview & Scenario
Post Assessment Takeaway
4. VANTAGEPOINT
Recent cyber attacks on airports
• On 7th Aug. 2015, it was disclosed that the databases of American Airlines (AA) and Sabre Corp, one of the largest clearing houses for travel reservations, had been hacked.
• Miami International Airport (MIA) experienced almost 20,000 hack attempts per day before investing in training, education, and new hardware to protect itself from cyberattack.
• 2016-2017 – WannaCry, Petya and other ransomware.
• 2014 – Account backdoor on an airport X-ray scanner: attackers may be able to use the account as a backdoor to get into the system.
11. VANTAGEPOINT
Airports: a delicious target for hackers?!
• Insiders (employees, contractors, etc.) who have legitimate access to the APOC, either by accidental or deliberate misuse (e.g. when threatened by terrorists)
• Hacktivists, who have a cause to fight for (such as political or ideological motives)
• Hackers or virus writers, who find interfering with computer systems an enjoyable challenge
• Business competitors and foreign intelligence services, interested in gaining an economic advantage for their companies or countries
• Cyber-criminals, who are interested in making money through fraud or from the sale of valuable information
• Terrorists, who are interested in obtaining and using sensitive information to launch a conventional attack
• Organized crime, who are interested in obtaining financial reward or ransom in exchange for not provoking cancellations or flight disruptions
• State cyber-forces, who have large amounts of resources at their disposal, state backing and are very highly skilled
15. VANTAGEPOINT
Active defense is our only option:
• Firewalls
• Multi-Tiered Networks
• IDS and Monitoring Systems
• Security Operations
• Analytics
• DLP / Encryption
• Actionable Intelligence
• Okay-ish patch cycle.
• Strong user account & password policies.
• Security staff (blue team).
We build a “Castle on a Hill”
But this gets us no closer to knowing what’s coming or how to prepare.
Spis Castle, Slovakia. It’s incredible.
16. VANTAGEPOINT
What is Red Teaming ?
• Originally a military term used for a decision-making process.
• Attempting to predict the movements of an adversary by using Alternative Analysis.
• Predict what will happen in a particular scenario.
• Creating and simulating worst-case scenarios.
• Red Teams are growing in popularity.
• Red Teaming has become a strategy evaluation and decision-making technique.
• Used by many different sectors and industries.
17. VANTAGEPOINT
What is Red Teaming ?
• Red Teams try to answer the “What If” question. What if tomorrow we became the target of:
  • Anonymous
  • A foreign state
  • A disgruntled employee who didn't get his bonus
  • An eastern European cyber crime/ransomware gang
  • An international competitor wanting to find a commercial edge
  Could this happen? How easily? What is the impact?
• What if our CEO left his iPhone in a taxi?
18. VANTAGEPOINT
Red Teaming's meaning in different areas
Red Teaming has multiple meanings:
• It can mean threat emulation, as in the U.S. Marine Corps
• It can mean conducting a vulnerability assessment
• It can mean using analytical techniques, as in the DoD
What they have in common is the goal of improving decision making through critical thinking and analysis.
25. VANTAGEPOINT
Engagement Points
Malicious Insider / External Hacker
• External Threat Approach: Act as an external threat. Hack without any access to internal resources.
• Insider Threat Approach: Act as an insider threat. This approach does not require social engineering, web hacking, etc.
32. VANTAGEPOINT
Red Team Attack Scenario
• Spear-phishing targeted at the decision makers of the APOC
• Compromise their systems via attachments or URLs
• Privilege escalation to get full control over their systems
• Map the network using the infected machines, using LinkedIn as C2
• Avoid detection: encrypt all communication
• Infect the Active Directory
• Gain full control over APOC systems
• Data exfiltration
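The scenario's C2 step hides check-ins inside encrypted traffic to a legitimate site, so a blue team cannot rely on content or reputation blocking; what is left is timing. The following detection over constructed proxy-log lines is an added example, not part of the original deck: the log format, host names and thresholds are assumptions.

```python
# Added example (not from the original deck): spotting C2 beaconing that hides
# in encrypted traffic to a legitimate site such as LinkedIn. Payloads are
# opaque, so the tell is timing: implants check in at near-constant intervals,
# humans browse in irregular bursts. Log format and thresholds are assumed.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log, not real data: ws-apoc-07 checks in every ~60 s,
# ws-apoc-03 is a person reading the same site. Fields: ts host dest port bytes
SAMPLE_LOG = """\
2024-03-01T09:00:00 ws-apoc-07 www.linkedin.com 443 1204
2024-03-01T09:01:01 ws-apoc-07 www.linkedin.com 443 1198
2024-03-01T09:02:00 ws-apoc-07 www.linkedin.com 443 1210
2024-03-01T09:03:01 ws-apoc-07 www.linkedin.com 443 1201
2024-03-01T09:04:00 ws-apoc-07 www.linkedin.com 443 1199
2024-03-01T09:00:12 ws-apoc-03 www.linkedin.com 443 51820
2024-03-01T09:00:15 ws-apoc-03 www.linkedin.com 443 9330
2024-03-01T09:07:48 ws-apoc-03 www.linkedin.com 443 70211
2024-03-01T09:31:30 ws-apoc-03 www.linkedin.com 443 44090
"""

def parse_log(text):
    """Group request timestamps by (source host, destination)."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        ts, host, dest, _port, _size = line.split()
        sessions[(host, dest)].append(datetime.fromisoformat(ts))
    return sessions

def gap_stats(timestamps):
    """Mean inter-request gap and its coefficient of variation; CV near 0 is machine-like."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < 3 or mean(gaps) == 0:   # too few requests to judge periodicity
        return None
    return mean(gaps), pstdev(gaps) / mean(gaps)

def find_beacons(text, min_requests=4, max_cv=0.1):
    """Return [(host, dest, mean_gap_s, cv)] for pairs whose timing looks automated."""
    hits = []
    for (host, dest), stamps in parse_log(text).items():
        stats = gap_stats(stamps) if len(stamps) >= min_requests else None
        if stats and stats[1] <= max_cv:
            hits.append((host, dest, round(stats[0], 1), round(stats[1], 3)))
    return hits

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print("possible beacon:", hit)
```

Real implants add jitter, so in production the CV threshold is tuned against a baseline of known-good hosts and the check is paired with byte-size regularity and off-hours activity rather than used alone.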
37. VANTAGEPOINT
Post Assessment Takeaway
• Visibility into your attack surface
• How effective is your Blue Team (IR team)?
• Measuring time to detect and time to remediate
• Does your product work as expected?
• Is your product implemented and configured correctly?
• Discovering security design flaws
• Identify vulnerabilities in PPT (People, Process and Technology)
• Identify the crown jewels
• How good is your organization's overall posture?
• How does your organization respond to threats and attacks?
• How good are your decision makers?
A red team or the red team is an independent group that challenges an organization to improve its effectiveness.
The mindset of humility is the recognition that you are working in a job and cannot conceive of all the problems your organization faces. If you think about your own profession, you will recognize that you work very closely with others and probably think very similarly to them; you probably have a boss you are afraid to share your most challenging views with, and you will think it pointless. Researchers have found that people don’t like to find the blind spots of their organization or challenge the assumptions of where they work, and that it is very difficult to conceive of the adversary's perspective. Once you accept the fact that you cannot grade your own homework, red teams are an approach to get around this institutional pathology that we face no matter where we work, especially in companies with bureaucracy, that is, any degree of hierarchy in them.
Red teaming is the practice of viewing a problem from an adversary or competitor’s perspective. The goal of most red teams is to enhance decision making, either by specifying the adversary’s preferences and strategies or by simply acting as a devil’s advocate.
It is also the process of using tactics, techniques, and procedures (TTPs) to emulate a real-world threat with the goals of training and measuring the effectiveness of the people, processes and technology used to defend an environment.
Businesses, governmental agencies, the Department of Defense, and each of the services have their own definition of red teaming and views on how to apply it.
It can mean threat emulation, also known as “role-playing the adversary”, which is how the U.S. Marine Corps uses the term.
It can mean conducting a vulnerability assessment of a process or system design to determine its weaknesses.
It can mean using analytical techniques in order to improve intelligence estimates and intelligence synchronization, common in the DoD and governmental intelligence agencies.
While these definitions seem unrelated, they have in common the ultimate goal of improving decision making through critical thinking and analysis.
Red Team members are cutting-edge technical experts in a multitude of IT domains and are used as consultants by other services within the security department.
External Threat Approach: Act as an external threat. Hack without any access to internal resources. (E.g. Phishing, social engineering, Password Guessing, Web Hacking)
Insider Threat Approach: Act as an insider threat. This approach does not require social engineering, web hacking, etc., so bypassing anti-phishing or anti-spam is not required. The attacker simply connects his mini broadband dongle to a network node and runs away!
This is why it's important to understand attacker capabilities when building your threat model...