Ethical Hacking Definitions Matter - Covering Vulnerability Scanning, Vulnerability Assessment, Penetration Testing, Red Team, Blue Team, Purple Team, and Adversary Emulation
CYBERSECURITY IN THE DIGITAL ERA WEBCAST SERIES
“HACK YOURSELF FIRST: HANDS ON ETHICAL HACKING”
Speakers and webinar host:
• Ana Curreya, Marketing Director, DigitalEra Group
• Ricardo Martinez, Director of Business Development, DigitalEra Group
• Jorge Orchilles, Professional Hacker, SANS
Thank you for joining our webinar today. We will begin shortly.
@jorgeorchilles
About @JorgeOrchilles
• Led the offensive security team at a large financial firm for 10 years!
• Published author with industry contributions including:
  • Common Vulnerability Scoring System (CVSSv3.1)
  • Threat-led penetration testing framework (GFMA)
• SANS Certified Instructor
  • Author of SEC564: Red Team Exercises and Adversary Emulation
• NSI Technologist Fellow
• ISSA Fellow
  • Board of the ISSA South Florida since 2010
• Author of Windows 7 Administrator's Reference
Ethical Hacking
• A hacker is a skilled individual who uses their technical knowledge to overcome a problem
• Permission differentiates between ethical and sinister, often called White Hat and Black Hat respectively
• An Ethical Hacker is a person who hacks into a computer network in order to test or evaluate its security, rather than with malicious or criminal intent
https://medium.com/@jorgeorchilles/ethical-hacking-definitions-9b9a6dad4988
Vulnerability Scanning
• Definition: Automated (tool-based) scanning against assets (IPs or applications)
• Goal: Identify low-hanging, known vulnerabilities pre- or post-authentication
• Effort: Small; requires tool investment
• Many vendors: Tenable Nessus, Rapid7 Nexpose, Qualys, AlienVault, IBM AppScan, HP WebInspect, etc.
• Focus: Technology vulnerabilities, patches, configuration
• Frequency: Weekly to monthly
• Customer: System owners and operations teams
Vulnerability Assessments
• Definition: Automated and manual assessment of assets in scope to find security vulnerabilities, which may or may not be used to get in or steal data
• Goal: Identify ALL vulnerabilities in the assets in scope
• Effort: ~30% tool-based and ~70% manual testing
• Focus: Technology and configurations. Assessments are broader and often include explicit policy and procedure reviews
• Frequency: Once per year or once per certification of product/version
• Customer: System owners, operations, engineers, application stakeholders
Penetration Testing
• Definition: Exploit the vulnerabilities identified, in a professional, safe manner according to a carefully designed scope and Rules of Engagement, to determine business risk and potential impact
• Goal: Report all exploitable vulnerabilities under controlled circumstances
• Effort: ~10% tool-based and ~90% manual testing
• Focus: Technology and preventive controls
• Frequency: ~once per year
• Customer: System owners, operations, engineering, and application stakeholders
Prioritization is Hard!
• Common Vulnerability Scoring System (CVSS)
• Exploit Prediction Scoring System (EPSS)
• AttackerKB.com
• Tenable Vulnerability Priority Rating
• Rapid7 Real Risk Score
• Mandiant/FireEye Risk Rating
https://medium.com/@jorgeorchilles/vulnerability-management-is-hard-how-do-you-prioritize-what-to-patch-1fc8e163d740
Evolve from CVE to TTP
• Common Vulnerabilities and Exposures (CVE)
  • https://cve.mitre.org
• Tactics, Techniques, and Procedures (TTPs)
  • https://attack.mitre.org
• Assume Breach
  • You will get breached by an exploited vulnerability or a TTP
“I am convinced that there are only two types of companies: those that have been hacked and those that will be.” – Robert Mueller, RSA Conference, March 1, 2012
• Can you detect and respond to what comes after?
Red Team
• Definition: Red Team emulates Tactics, Techniques, and Procedures (TTPs) of real adversaries to improve the people, processes, and technology in the target environment. “The practice of looking at a problem or situation from the perspective of an adversary” – Red Team Journal, 1997
• Goal: Make the Blue Team better. Train blue teams and measure whether their detection and response policies, procedures, and technologies are effective
• Effort: Manual; some Red Team automation tools
• Focus: Detective controls; testing the defenders
• Frequency: Intelligence-led (new exploit, tool, or TTP)
• Customer: Blue Teams
Blue Team
• Definition: The defenders in an organization entrusted with identifying and remediating attacks. Generally associated with the Security Operations Center or Managed Security Service Provider (MSSP), Hunt Team, Incident Response, and Digital Forensics. Really, it is everyone's responsibility!
• Goal: Identify, report, contain, and eradicate attacks
• Effort: Automated and manual. People are the best defenders
• Focus: Identify, contain, eradicate, and recover from attacks
• Frequency: Every day, 24/7
• Customer: Entire organization
Purple Team
• Definition: A function, or virtual team, where red and blue work together to improve the overall security of the organization. Red Team does not focus on stealth as they normally would.
• Goal: Red Team emulates adversary TTPs while blue teams watch and improve detection and response policies, procedures, and technologies in real time
• Effort: Manual
• Frequency: Intelligence-led (new exploit, tool, or TTP)
• Customer: Red Team & Blue Team
Adversary Emulation
• Definition: A type of Red Team exercise where the Red Team emulates how an adversary operates, following the same tactics, techniques, and procedures (TTPs), with a specific objective similar to those of realistic threats or adversaries
• Goal: Emulate an end-to-end attack against a target organization. Obtain a holistic view of the organization’s preparedness for a real, sophisticated attack
• Effort: Manual; more setup than a limited-scope Penetration Test
• Frequency: Twice a year or yearly
• Customer: Entire organization
Provide Value
• All these ethical hacking and offensive security offerings are meant to provide value to the business (getting a shell is not business value)
• Understand the business requirements and communicate in business terms
DigitalEra has partnered with AvanseCyber, where I am an advisor, to deliver these services. Contact us if you are interested in learning more or if you would like an assessment.
www.DigitalEraGroup.com ∣ (786) 621-8600 ∣ info@avansecyber.com
Introducing our Webinar Series
• Every Thursday
• Weekly guest speakers from industry-leading vendors
• Incentives for participating in each webinar, as well as incentives for participating in consecutive webinars
• One-on-one calls scheduled after each webinar where needed
Reference: https://medium.com/@jorgeorchilles/ethical-hacking-definitions-9b9a6dad4988
More reading: https://github.com/redteamethics/redteamethics
Petition: https://www.change.org/p/organizations-support-ethical-hackers