VANTAGEPOINT
Cyber Red Teaming in Airport and Aviation
def Saeid();
• Senior Security Consultant @ VP
• Crest / Offensive Security Certified (OSCP/E)
• Over 10 years in the industry
• Offsec, Red Teamer, Ring0 Fuzzer
• Passionate about security
  - I don’t like to get caught
  - Specific focus on offensive and stealthy operations
This presentation will cover
• Quick History of Cyber Attacks in Airport
• What is Red Teaming
• Minimum skillset as a Red Teamer
• Engagement Points
• RT Attack Overview & Scenario
• Post Assessment Takeaway
Recent cyber attacks on airport
• On 7th Aug. 2015, it was disclosed that the databases of American Airlines (AA) and Sabre Corp, one of the largest clearing houses for travel reservations, were hacked.
• Miami International Airport (MIA) experienced almost 20,000 hack attempts per day before investing in training, education, and new hardware to protect itself from cyberattack.
• 2016-2017 – WannaCry, Petya… ransomware…
• 2014 – Account backdoor on airport X-ray scanner: attackers may be able to use the account as a backdoor to get to the system.
Airport: a delicious target for hackers?!
• Insiders (employees, contractors, etc.) who have legitimate access to the APOC, either by accidental or deliberate misuse (e.g. when threatened by terrorists)
• Hacktivists, who have a cause to fight for (such as political or ideological motives)
• Hackers or virus writers, who find interfering with computer systems an enjoyable challenge
• Business competitors and foreign intelligence services, interested in gaining an economic advantage for their companies or countries
• Cyber-criminals, who are interested in making money through fraud or from the sale of valuable information
• Terrorists, who are interested in obtaining and using sensitive information to launch a conventional attack
• Organized crime, who are interested in obtaining financial reward or ransom in exchange for not provoking cancellations or flight disruptions
• State Cyber-Forces, who have large amounts of resources at their disposal, state backing and are very highly skilled
The Problem???!
What are we doing wrong?
Active defense is our only option:
• Firewalls
• Multi-Tiered Networks
• IDS and Monitoring Systems
• Security Operations
• Analytics
• DLP / Encryption
• Actionable Intelligence
• Okay-ish patch cycle.
• Strong user account & password policies.
• Security staff (blue team).
We build a “Castle on a Hill”
But this gets us no closer to knowing what’s coming or how to prepare.
Spis Castle, Slovakia. It’s incredible.
What is Red Teaming?
• Originally a military term used for a decision making process.
• Attempting to predict the movements of an adversary by using Alternative Analysis.
• Predict what will happen in a particular scenario.
• Creating and simulating worst case scenarios.
• Red Teams are growing in popularity.
• Red Teaming has become a strategy evaluation and decision making technique.
• Used by many different sectors and industries.
What is Red Teaming?
• Red Teams try to answer the “What If” question: what if tomorrow we became the target of
  - Anonymous
  - a foreign state
  - a disgruntled employee who didn't get his bonus
  - an Eastern European cyber crime/ransomware gang
  - an international competitor wanting to find a commercial edge
• Could this happen?
• How easily?
• What is the impact?
• What if our CEO left his iPhone in a taxi?
Red Teaming meaning in different areas
Red Teaming has multiple meanings:
• It can mean threat emulation, in the U.S. Marine Corps
• It can mean conducting a vulnerability assessment
• It can mean using analytical techniques in the DoD
Common to all is the goal of improving decision making through critical thinking and analysis.
Center of Security
Red Teaming
• Physical Security
• Mobile Security
• Web Application Security
• Human Vulnerability
• Incident Response
• Security Operations Center
• Infrastructure Security
Conducting a Red Team Assessment
Minimum skillset required as a Red Teamer
Engagement Points
• Malicious Insider
• External Hacker
External Threat Approach: Act as an external threat. Hack without any access to internal resources.
Insider Threat Approach: Act as an insider threat. This approach does not require social engineering, web hacking, etc.
Red Team Attack Overview
Red Team Attack Scenario
First Things First >>> Setting a Goal
E.g. taking control of the Airport Operations Center
Second >>> Storyboard the Attack
• Spear-phishing targeted decision makers of APOC
• Compromise their systems by attachments or URL
• Privilege escalation to get full control over their systems
• Map the network using the infected machines and use LinkedIn as C2
• Avoid detection: encrypt all the communication
• Infect the Active Directory
• Gain full control over APOC systems
• Data exfiltration
Third >>> Determining where IR should detect and respond
Fourth >>> Use the Red Team to validate the storyboard
Post Assessment Takeaway
• Understanding the attacker
• Visibility in your attack surface
• How effective is your Blue Team (IR Team)?
• Measuring Time to Detect – Time to Remediate
• Does your product work as expected?
• Is your product implemented and configured correctly?
• Discovering security design flaws
• Identify vulnerabilities in PPT (People, Process and Technology)
• Identify the crown jewels
• How good is your organization's overall posture?
• How does your organization respond to threats and attacks?
• How good is your decision maker?
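The "determine where IR should detect and respond" step and the Time to Detect / Time to Remediate takeaway can be scored per storyboard stage after the engagement. The following is an added example, not part of the original slides: the stage labels paraphrase the storyboard, the timestamps and both logs are constructed sample data, and the function names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Storyboard stages in order, paraphrased from the attack scenario slide.
# Assumption: "avoid detection: encrypt all the communication" is treated as a
# property of the C2 channel rather than a timed step, so it is not listed.
STORYBOARD = [
    "spear-phishing",
    "initial compromise",
    "privilege escalation",
    "network mapping / C2",
    "Active Directory compromise",
    "APOC systems control",
    "data exfiltration",
]

# Constructed red team activity log: stage -> when it was executed.
RED_LOG = {
    "spear-phishing": "2024-03-04T09:00",
    "initial compromise": "2024-03-04T09:40",
    "privilege escalation": "2024-03-04T13:15",
    "network mapping / C2": "2024-03-05T10:00",
    "Active Directory compromise": "2024-03-06T16:30",
    "APOC systems control": "2024-03-07T11:00",
    "data exfiltration": "2024-03-07T15:45",
}

# Constructed blue team records: stage -> (detected_at, remediated_at or None).
BLUE_LOG = {
    "privilege escalation": ("2024-03-04T17:15", "2024-03-05T08:15"),
    "Active Directory compromise": ("2024-03-06T18:00", None),
    # Alert timestamp is earlier than the red team action, so it cannot be
    # a detection of that action (unrelated alert or wrong attribution).
    "data exfiltration": ("2024-03-07T15:00", None),
}


@dataclass
class StageResult:
    stage: str
    executed: datetime
    detected: Optional[datetime] = None
    remediated: Optional[datetime] = None
    note: str = ""

    @property
    def time_to_detect(self) -> Optional[timedelta]:
        return self.detected - self.executed if self.detected else None

    @property
    def time_to_remediate(self) -> Optional[timedelta]:
        # Measured from detection to remediation.
        if self.detected and self.remediated:
            return self.remediated - self.detected
        return None


def score_engagement(storyboard, red_log, blue_log):
    """Match each executed stage against the blue team's records."""
    results = []
    for stage in storyboard:
        if stage not in red_log:
            continue  # stage was planned but never executed
        result = StageResult(stage, datetime.fromisoformat(red_log[stage]))
        if stage in blue_log:
            detected_raw, remediated_raw = blue_log[stage]
            detected = datetime.fromisoformat(detected_raw)
            if detected < result.executed:
                result.note = "alert predates activity; not counted as a detection"
            else:
                result.detected = detected
                if remediated_raw:
                    result.remediated = datetime.fromisoformat(remediated_raw)
        results.append(result)
    return results


def summarize(results):
    """Engagement-level figures for the post-assessment report."""
    detected = [r for r in results if r.detected]
    first = min(detected, key=lambda r: r.detected) if detected else None
    return {
        "missed_stages": [r.stage for r in results if not r.detected],
        "first_detection_stage": first.stage if first else None,
        # Time from the first red team action to the first valid detection.
        "dwell_time": first.detected - results[0].executed if first else None,
        "mean_time_to_detect": (
            sum((r.time_to_detect for r in detected), timedelta()) / len(detected)
            if detected else None
        ),
    }


if __name__ == "__main__":
    scored = score_engagement(STORYBOARD, RED_LOG, BLUE_LOG)
    for r in scored:
        print(f"{r.stage:30} TTD={r.time_to_detect} TTR={r.time_to_remediate} {r.note}")
    print(summarize(scored))
```

Stages listed under missed_stages are the points where the storyboard expected IR to respond and nothing valid was recorded.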
Saeid Atabaki
Bytecod3r
Q/A

More Related Content

What's hot

Sample assignment on impact of cruise tourism in coastal areas
Sample assignment on impact of cruise tourism in coastal areas Sample assignment on impact of cruise tourism in coastal areas
Sample assignment on impact of cruise tourism in coastal areas www.StudentsAssignmentHelp.com
 
Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Deivid Toledo
 
ניתוח סיכונים בשיטת Lopa - מהנדס שי שגב
ניתוח סיכונים בשיטת Lopa - מהנדס שי שגבניתוח סיכונים בשיטת Lopa - מהנדס שי שגב
ניתוח סיכונים בשיטת Lopa - מהנדס שי שגבYoram Elazary
 
UCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptxUCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptxucisa
 
State of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers MindsetState of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers MindsetCrowdStrike
 
Guidelines on Cyber Security in Power Sector 2021_R.pptx
Guidelines on Cyber Security in Power Sector 2021_R.pptxGuidelines on Cyber Security in Power Sector 2021_R.pptx
Guidelines on Cyber Security in Power Sector 2021_R.pptxsrinivascooldude58
 
2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity PredictionsMatthew Rosenquist
 
Cloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptxCloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptxAdityaChawan4
 

What's hot (9)

Sample assignment on impact of cruise tourism in coastal areas
Sample assignment on impact of cruise tourism in coastal areas Sample assignment on impact of cruise tourism in coastal areas
Sample assignment on impact of cruise tourism in coastal areas
 
Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)
 
ניתוח סיכונים בשיטת Lopa - מהנדס שי שגב
ניתוח סיכונים בשיטת Lopa - מהנדס שי שגבניתוח סיכונים בשיטת Lopa - מהנדס שי שגב
ניתוח סיכונים בשיטת Lopa - מהנדס שי שגב
 
UCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptxUCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptx
 
State of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers MindsetState of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers Mindset
 
Guidelines on Cyber Security in Power Sector 2021_R.pptx
Guidelines on Cyber Security in Power Sector 2021_R.pptxGuidelines on Cyber Security in Power Sector 2021_R.pptx
Guidelines on Cyber Security in Power Sector 2021_R.pptx
 
2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity Predictions
 
Cloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptxCloud Security Assessment Methods.pptx
Cloud Security Assessment Methods.pptx
 
Isps code
Isps codeIsps code
Isps code
 

Similar to Red Teaming Airport Cybersecurity

Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
Year of pawnage - Ian trump
Year of pawnage  - Ian trumpYear of pawnage  - Ian trump
Year of pawnage - Ian trumpMAXfocus
 
Conf 2019 - Workshop: Liam Glanfield - know your threat actor
Conf 2019 - Workshop: Liam Glanfield - know your threat actorConf 2019 - Workshop: Liam Glanfield - know your threat actor
Conf 2019 - Workshop: Liam Glanfield - know your threat actorTechExeter
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Securitysudip pudasaini
 
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by DownloadsStop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by DownloadsInvincea, Inc.
 
Paolo Passeri - A Multi Layered Approach to Threat Intelligence
Paolo Passeri - A Multi Layered Approach to Threat IntelligencePaolo Passeri - A Multi Layered Approach to Threat Intelligence
Paolo Passeri - A Multi Layered Approach to Threat IntelligenceCodemotion
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsJoe McCray
 
Cybersecurity for Everyone Course. Final Project OilRig.pdf
Cybersecurity for Everyone Course. Final Project OilRig.pdfCybersecurity for Everyone Course. Final Project OilRig.pdf
Cybersecurity for Everyone Course. Final Project OilRig.pdfHamzaAfzal61
 
Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq OWASP-Qatar Chapter
 
Philippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTsPhilippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTsAPNIC
 
Stop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksStop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksImperva
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsChris Gates
 
Future-proofing maritime ports against emerging cyber-physical threats
Future-proofing maritime ports against emerging cyber-physical threatsFuture-proofing maritime ports against emerging cyber-physical threats
Future-proofing maritime ports against emerging cyber-physical threatsSteven SIM Kok Leong
 
Clear and present danger: Cyber Threats and Trends 2017
Clear and present danger: Cyber Threats and Trends 2017Clear and present danger: Cyber Threats and Trends 2017
Clear and present danger: Cyber Threats and Trends 2017Morakinyo Animasaun
 
Evidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsEvidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsPriyanka Aash
 
Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerceSensePost
 
SplunkSummit 2015 - Splunk User Behavioral Analytics
SplunkSummit 2015 - Splunk User Behavioral AnalyticsSplunkSummit 2015 - Splunk User Behavioral Analytics
SplunkSummit 2015 - Splunk User Behavioral AnalyticsSplunk
 
Security Opportunities A Silicon Valley VC Perspective
Security Opportunities  A Silicon Valley VC PerspectiveSecurity Opportunities  A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC PerspectivePositive Hack Days
 
Failed Ransom: How IBM XGS Defeated Ransomware
Failed Ransom: How IBM XGS Defeated RansomwareFailed Ransom: How IBM XGS Defeated Ransomware
Failed Ransom: How IBM XGS Defeated RansomwareIBM Security
 

Similar to Red Teaming Airport Cybersecurity (20)

Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside Out
 
Year of pawnage - Ian trump
Year of pawnage  - Ian trumpYear of pawnage  - Ian trump
Year of pawnage - Ian trump
 
Conf 2019 - Workshop: Liam Glanfield - know your threat actor
Conf 2019 - Workshop: Liam Glanfield - know your threat actorConf 2019 - Workshop: Liam Glanfield - know your threat actor
Conf 2019 - Workshop: Liam Glanfield - know your threat actor
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
SecurityOperations
SecurityOperationsSecurityOperations
SecurityOperations
 
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by DownloadsStop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
 
Paolo Passeri - A Multi Layered Approach to Threat Intelligence
Paolo Passeri - A Multi Layered Approach to Threat IntelligencePaolo Passeri - A Multi Layered Approach to Threat Intelligence
Paolo Passeri - A Multi Layered Approach to Threat Intelligence
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
 
Cybersecurity for Everyone Course. Final Project OilRig.pdf
Cybersecurity for Everyone Course. Final Project OilRig.pdfCybersecurity for Everyone Course. Final Project OilRig.pdf
Cybersecurity for Everyone Course. Final Project OilRig.pdf
 
Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq
 
Philippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTsPhilippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTs
 
Stop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksStop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their Tracks
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
 
Future-proofing maritime ports against emerging cyber-physical threats
Future-proofing maritime ports against emerging cyber-physical threatsFuture-proofing maritime ports against emerging cyber-physical threats
Future-proofing maritime ports against emerging cyber-physical threats
 
Clear and present danger: Cyber Threats and Trends 2017
Clear and present danger: Cyber Threats and Trends 2017Clear and present danger: Cyber Threats and Trends 2017
Clear and present danger: Cyber Threats and Trends 2017
 
Evidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsEvidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five Controls
 
Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerce
 
SplunkSummit 2015 - Splunk User Behavioral Analytics
SplunkSummit 2015 - Splunk User Behavioral AnalyticsSplunkSummit 2015 - Splunk User Behavioral Analytics
SplunkSummit 2015 - Splunk User Behavioral Analytics
 
Security Opportunities A Silicon Valley VC Perspective
Security Opportunities  A Silicon Valley VC PerspectiveSecurity Opportunities  A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC Perspective
 
Failed Ransom: How IBM XGS Defeated Ransomware
Failed Ransom: How IBM XGS Defeated RansomwareFailed Ransom: How IBM XGS Defeated Ransomware
Failed Ransom: How IBM XGS Defeated Ransomware
 

Recently uploaded

Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Kayode Fayemi
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesPooja Nehwal
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaKayode Fayemi
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxmohammadalnahdi22
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar TrainingKylaCullinane
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsaqsarehman5055
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024eCommerce Institute
 
Mathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMoumonDas2
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubssamaasim06
 
George Lever - eCommerce Day Chile 2024
George Lever -  eCommerce Day Chile 2024George Lever -  eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024eCommerce Institute
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxraffaeleoman
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...Sheetaleventcompany
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Vipesco
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxNikitaBankoti2
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Delhi Call girls
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyPooja Nehwal
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AITatiana Gurgel
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Chameera Dedduwage
 

Recently uploaded (20)

Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animals
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
 
Mathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptx
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
 
George Lever - eCommerce Day Chile 2024
George Lever -  eCommerce Day Chile 2024George Lever -  eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
 
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)
 

Red Teaming Airport Cybersecurity

  • 1. VANTAGEPOINT Cyber Red Teaming in Airport and Aviation
  • 2. VANTAGEPOINT def Saeid(); • Senior Security Consultant @ VP • Crest / Offensive Security Certified (OCSP/E) • Over 10 years In the Industry • Offsec, Red Teamer, Ring0 Fuzzer • Passionate about security  I don’t like to get caught  Specific focus on offensive and stealthy operations
  • 3. VANTAGEPOINT This presentation will cover Quick History of Cyber Attacks in Airport What is Red Teaming Minimum skillset as a Red Teamer Engagement Points RT Attack Overview & Scenario Post Assessment Takeaway
  • 4. VANTAGEPOINT Recent cyber attacks on airport • On 7th Aug. 2015, it was disclosed that the database of American airlines (AA) and Sabre Corp, one of the largest clearing houses for travel reservations, were hacked. • Miami international airport (MIA) has experienced almost 20,000 hack attempts per day before investing in training, education, and new hardware to protect itself from cyberattack. • 2016-2017 – WannaCry, Petya..Ransomware…
  • 5. VANTAGEPOINT Recent cyber attacks on airport • On 7th Aug. 2015, it was disclosed that the database of American airlines (AA) and Sabre Corp, one of the largest clearing houses for travel reservations, were hacked. • Miami international airport (MIA) has experienced almost 20,000 hack attempts per day before investing in training, education, and new hardware to protect itself from cyberattack. • 2016-2017 – WannaCry, Petya..Ransomware…
  • 6. VANTAGEPOINT Recent cyber attacks on airport • On 7th Aug. 2015, it was disclosed that the database of American airlines (AA) and Sabre Corp, one of the largest clearing houses for travel reservations, were hacked. • Miami international airport (MIA) has experienced almost 20,000 hack attempts per day before investing in training, education, and new hardware to protect itself from cyberattack. • 2016-2017 – WannaCry, Petya..Ransomware… 2014 – Account Backdoor on Airport X-Ray Scanner Attackers may be able to use the account as backdoor to get to the system
  • 11. Airport: Delicious target for hackers?! • Insiders (employees, contractors, etc.) who have legitimate access to the APOC, through either accidental or deliberate misuse (e.g. when threatened by terrorists) • Hacktivists, who have a cause to fight for (such as political or ideological motives) • Hackers or virus writers, who find interfering with computer systems an enjoyable challenge • Business competitors and foreign intelligence services, interested in gaining an economic advantage for their companies or countries • Cyber-criminals, who are interested in making money through fraud or from the sale of valuable information • Terrorists, who are interested in obtaining and using sensitive information to launch a conventional attack • Organized crime, who are interested in obtaining financial reward or ransom in exchange for not provoking cancellations or flight disruptions • State Cyber-Forces, who have large amounts of resources at their disposal, state backing and are very highly skilled
  • 15. Active defense is our only option: • Firewalls • Multi-Tiered Networks • IDS and Monitoring Systems • Security Operations • Analytics • DLP / Encryption • Actionable Intelligence • Okay-ish patch cycle. • Strong user account & password policies. • Security staff (blue team). We build a “Castle on a Hill”. But this gets us no closer to knowing what’s coming or how to prepare. Spis Castle, Slovakia. It’s incredible.
  • 16. What is Red Teaming? • Originally a military term used for a decision making process. • Attempting to predict the movements of an adversary by using Alternative Analysis. • Predict what will happen in a particular scenario. • Creating and simulating worst case scenarios. • Red Teams are growing in popularity. • Red Teaming has become a strategy evaluation and decision making technique. • Used by many different sectors and industries.
  • 17. What is Red Teaming? • Red Teams try to answer the “What If” question. If tomorrow we became the target of: • Anonymous • A foreign state • A disgruntled employee who didn't get his bonus • An eastern European cyber crime/ransomware gang • An international competitor wanting to find a commercial edge. Could this happen? How easily? What is the impact? What if our CEO left his iPhone in a taxi?
  • 18. Red Teaming has multiple meanings: • It can mean threat emulation, in the U.S. Marine Corps • It can mean conducting a vulnerability assessment • It can mean using analytical techniques, in the DoD. Red Teaming's meaning in different areas: what they have in common is the goal of improving decision making through critical thinking and analysis.
  • 20. Conducting a Red Team Assessment
  • 24. Minimum skillset required as a Red Teamer
  • 25. Engagement Points: Malicious Insider, External Hacker. External Threat Approach: Act as an external threat. Hack without any access to internal resources. Insider Threat Approach: Act as an insider threat. This approach does not require social engineering, web hacking, etc.
  • 30. Red Team Attack Scenario First Thing First >>> Setting a Goal E.g. Taking control of the Airport Operations Center
  • 31. Red Team Attack Scenario Second >>> Story Board the Attack
  • 32. Red Team Attack Scenario • Spear-Phishing targeted at decision makers of APOC • Compromise their systems by Attachments or URL • Privilege Escalation to get full control over their systems • Map the network using the infected machines and use LinkedIn as C2 • Avoid detection: encrypt all the communication • Infect the Active Directory • Gain full control over APOC systems • Data Exfiltration
  • 33. Red Team Attack Scenario Third >>> Determining where IR should detect and respond
  • 35. Red Team Attack Scenario Fourth >>> Use the Red Team to validate the story board
  • 37. Post Assessment Takeaway • Visibility in your Attack Surface • How effective is your Blue Team (IR Team)? • Measuring Time to Detect and Time to Remediate • Does your product work as expected? • Is your product implemented and configured correctly? • Discovering Security Design Flaws • Identify vulnerabilities in PPT (People, Process and Technology) • Identify the crown jewels • How good is your organization's overall posture? • How does your organization respond to threats and attacks? • How good is your decision maker?
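
The storyboard and the "Time to Detect – Time to Remediate" takeaway above, as an added example that is not part of the original slides: a small Python scorer that lines up each storyboard step with the blue team's detection and remediation times and reports the gaps. The step names follow slide 32; every timestamp, the function names, and the choice to measure time to remediate from the moment of detection are assumptions made for illustration.

```python
from datetime import datetime
FMT = "%Y-%m-%d %H:%M"
# Storyboard steps, in order, following the scenario slide.
STORYBOARD = ["spear-phishing", "initial compromise", "privilege escalation",
              "network mapping / C2", "AD compromise", "APOC control", "data exfiltration"]
# Constructed sample data: when the red team executed each step.
RED_LOG = {
    "spear-phishing": "2024-03-04 09:00",
    "initial compromise": "2024-03-04 09:25",
    "privilege escalation": "2024-03-04 13:00",
    "network mapping / C2": "2024-03-05 10:00",
    "AD compromise": "2024-03-06 15:00",
    "APOC control": "2024-03-07 09:00",
    "data exfiltration": "2024-03-07 14:00",
}
# Constructed sample data: blue-team detection / remediation times (absent = never).
BLUE_LOG = {
    "spear-phishing": {"detected": "2024-03-04 09:40", "remediated": "2024-03-04 11:10"},
    "privilege escalation": {"detected": "2024-03-05 08:30"},
    "data exfiltration": {"detected": "2024-03-07 14:20", "remediated": "2024-03-07 15:20"},
}

def _minutes(start, end):
    delta = datetime.strptime(end, FMT) - datetime.strptime(start, FMT)
    if delta.total_seconds() < 0:
        raise ValueError(f"{end} precedes {start}: check log correlation")
    return int(delta.total_seconds() // 60)

def score_storyboard(storyboard, red_log, blue_log):
    """Per-step TTD (execution -> detection) and TTR (detection -> remediation), in minutes."""
    rows = []
    for step in storyboard:
        if step not in red_log:      # step was not exercised in this engagement
            continue
        blue = blue_log.get(step, {})
        det, rem = blue.get("detected"), blue.get("remediated")
        ttd = _minutes(red_log[step], det) if det else None
        ttr = _minutes(det, rem) if det and rem else None
        rows.append({"step": step, "ttd_min": ttd, "ttr_min": ttr})
    return rows

def summarize(rows):
    """Detection gaps, open responses and mean TTD across the storyboard."""
    seen = [r for r in rows if r["ttd_min"] is not None]
    return {
        "undetected": [r["step"] for r in rows if r["ttd_min"] is None],
        "unremediated": [r["step"] for r in seen if r["ttr_min"] is None],
        "mean_ttd_min": sum(r["ttd_min"] for r in seen) / len(seen) if seen else None,
    }
```

Steps listed under `undetected` are the places on the storyboard where IR was expected to respond and did not; those are the findings to carry into the post-assessment review.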

Editor's Notes

  1. A red team or the red team is an independent group that challenges an organization to improve its effectiveness.
  14. Red teaming starts from a mindset of humility: the recognition that you are working inside a job and cannot conceive of all the problems that your organization faces. If you think about your own profession, you will recognize that you work very closely with others and probably think very similarly to them; you probably have a boss with whom you are afraid to share your most challenging views, or you think it is pointless. Researchers have found that people don’t like to find the blind spots of their organization and challenge the assumptions where they work, and it is very difficult to conceive of the adversary's perspective. Once you accept the fact that you cannot grade your own homework, red teams are an approach to get around this institutional pathology that we all face, no matter where we work, especially in companies with bureaucracy, that is, any degree of hierarchy. Red teaming is the practice of viewing a problem from an adversary's or competitor’s perspective. The goal of most red teams is to enhance decision making, either by specifying the adversary’s preferences and strategies or by simply acting as a devil’s advocate. It is also the process of using tactics, techniques, and procedures (TTPs) to emulate a real-world threat with the goals of training and measuring the effectiveness of the people, processes and technology used to defend an environment.
  15. Businesses, governmental agencies, the Department of Defense, and each of the services have their own definition of red teaming and views on how to apply it. It can mean threat emulation, also known as “role-playing the adversary”, which is how the U.S. Marine Corps uses the term. It can mean conducting a vulnerability assessment of a process or system design to determine its weaknesses. It can mean using analytical techniques in order to improve intelligence estimates and intelligence synchronization, common in the DoD and governmental intelligence agencies. While these definitions seem unrelated, they have in common the ultimate goal of improving decision making through critical thinking and analysis.
  16. ROI removed
  17. Red Team members are cutting-edge technical experts in a multitude of IT domains and are used as consultants by other services within the security department.
  21. External Threat Approach: Act as an external threat. Hack without any access to internal resources (e.g. phishing, social engineering, password guessing, web hacking). Insider Threat Approach: Act as an insider threat. This approach does not require social engineering, web hacking, etc., so bypassing anti-phishing or anti-spam is not required. The attacker simply connects his mini broadband dongle to a network node and runs away!
  22. This is why it's important to understand attacker capabilities when building your threat model...