Red Team P2 (Adversary Emulation)
Sindad Secure Communication Engineering Company (شرکت مهندسی امن ارتباط سینداد)
sindadsec.ir
Whoami
Soheil Hashemi
M.Sc. Computer Networks
Penetration Testing | Red Teaming | Purple Teaming
Security Course Instructor
Agenda
• TTP
• Pyramid of Pain
• IOC vs IOA
• MITRE ATT&CK
• Reconnaissance
• Resource Development
• Initial Access
• Execution
• Persistence
• Privilege Escalation
• Defense Evasion
• Credential Access
• Discovery
• Lateral Movement
• Collection
• C2
• Exfiltration
• Impact
Red Team Operation Process
• Planning: use threat intelligence to find a suitable APT to emulate, and derive its TTPs.
• Execution (automated): use an emulation platform such as ART (Atomic Red Team) or Caldera; both need customization and mastery of MITRE ATT&CK.
• Execution (manual): emulate the TTPs by hand.
• Culmination: breach and deep penetration.
• Reporting: once the emulation is done, compile a report.
Methodology for Red Teaming?
• Cyber Kill Chain
• MITRE ATT&CK: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact
Pyramid of Pain
ATT&CK Techniques
Why are TTPs so important?
Focus on TTPs: an APT can change its indicators, but in most operations it follows the same procedures, and those procedures are what EDR can detect. Examples: APT1, CONTI.
IOC vs IOA
• Indicator of Compromise (IOC): hash, IP, domain, network and host artifacts, tools
• Indicator of Attack (IOA)
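The Pyramid of Pain and IOC vs IOA slides above argue that hashes, IPs and domains are cheap for an APT to change while its procedures are not. The Python below is an added example, not code from the original deck or from Sindad, that makes the contrast concrete from the detection side. It assumes constructed sample bytes, constructed EDR-style process-creation events, and a hypothetical detection rule (an Office application spawning a hidden or encoded PowerShell) written only for this illustration.

```python
import hashlib
import re

# Constructed stand-ins for a malicious file and a trivially modified rebuild of it.
# Not real malware: any byte string makes the point.
SAMPLE_V1 = b"constructed sample payload v1"
SAMPLE_V2 = b"constructed sample payload v2"  # one byte changed, e.g. repacked or recompiled

# A hash-based IOC feed that only knows the first build.
IOC_HASHES = {hashlib.sha256(SAMPLE_V1).hexdigest()}


def ioc_hash_match(sample: bytes) -> bool:
    """Bottom of the Pyramid of Pain: a hash IOC matches only the exact bytes it was taken from."""
    return hashlib.sha256(sample).hexdigest() in IOC_HASHES


# Constructed EDR-style process-creation events: parent image, child image, command line.
EVENTS = [
    {"parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc <BASE64>"},    # Office macro -> encoded PowerShell
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"},    # benign: an admin runs a script
    {"parent": "EXCEL.EXE", "image": "cmd.exe",
     "cmdline": "cmd.exe /c powershell -w hidden -e <BASE64>"},     # same procedure, different binary chain
]

# The procedure the hypothetical rule keys on: an Office application as the parent
# of a hidden and/or encoded PowerShell invocation, whatever binary sits in between.
OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|enc|encodedcommand)\b")
HIDDEN_FLAG = re.compile(r"(?i)(?:^|\s)-w(?:indowstyle)?\s+hidden\b")


def ttp_match(event: dict) -> bool:
    """Top of the Pyramid of Pain: match the behaviour, not the artifact."""
    cmd = event["cmdline"]
    return (event["parent"].upper() in OFFICE_PARENTS
            and "powershell" in cmd.lower()
            and bool(ENCODED_FLAG.search(cmd) or HIDDEN_FLAG.search(cmd)))


def ttp_hits(events: list) -> list:
    """Indices of the events that the procedure-based rule flags."""
    return [i for i, e in enumerate(events) if ttp_match(e)]


if __name__ == "__main__":
    print("hash IOC matches v1:", ioc_hash_match(SAMPLE_V1))   # True
    print("hash IOC matches v2:", ioc_hash_match(SAMPLE_V2))   # False: one byte changed, the IOC is blind
    print("TTP rule flags events:", ttp_hits(EVENTS))          # [0, 2]
```

The hash IOC stops matching after a single byte changes, while the procedure rule still fires on the second event chain even though a different binary (cmd.exe) sits between the Office parent and PowerShell; that is the level at which the slide says EDR can keep detecting an APT.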
MITRE ATT&CK: https://attack.mitre.org/
Reconnaissance [TA0043]
Active / Passive
• Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting.
Tools:
➢Amass
➢Sn1per
➢TheHarvester
➢Recon-ng
➢Maltego CE
➢SET
➢Nikto
➢Shodan
➢SpiderFoot
Reconnaissance [TA0043]: ASM (attack surface management)
Resource Development [TA0042]
• Resource Development consists of techniques that involve adversaries creating, purchasing, or compromising/stealing resources that can be used to support targeting.
➢VPS
➢Domain
➢Mail server configuration
➢Weaponize the CVEs found during recon
➢Prepare FUD (fully undetectable) payloads and exploits
Initial Access [TA0001]
• Initial Access consists of techniques that use various entry vectors to gain an initial foothold within a network.
Tools:
➢Aircrack-ng
➢Luckystrike
➢WiFi-Pumpkin
➢Gophish
➢sqlmap
➢King Phisher
➢Bash Bunny
Execution [TA0002]
• Execution consists of techniques that result in adversary-controlled
code running on a local or remote system.
Tools:
➢Macro
Persistence [TA0003]
• Persistence consists of techniques that adversaries use to keep
access to systems across restarts, changed credentials, and other
interruptions that could cut off their access.
Tools:
➢C2
➢Rootkit
➢Pwncat
Privilege Escalation [TA0004]
Examples of elevated access:
✓ SYSTEM/root level
✓ local administrator
✓ a user account with admin-like access
✓ user accounts with access to specific systems or that perform a specific function
✓ These techniques often overlap with Persistence techniques, as OS features that let an adversary persist can execute in an elevated context.
Tools:
➢Rubeus
➢UACMe
➢SharpUp
Defense Evasion [TA0005]
• Defense Evasion consists of techniques that adversaries use to avoid
detection throughout their compromise.
Tools:
➢Meterpreter
➢ProxyChains
➢Invoke-Obfuscation
➢Veil
Credential Access [TA0006]
• Credential Access consists of techniques for stealing credentials like account names and passwords.
Tools:
➢Mimikatz
➢Hashcat
➢Responder
➢Cain & Abel
➢John the Ripper
➢THC Hydra
➢LaZagne
Discovery [TA0007]
• Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network.
Tools:
➢BloodHound
➢Seatbelt
➢Kismet
➢ADRecon
Lateral Movement [TA0008]
• Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it.
Tools:
➢Mimikatz
➢PsExec
➢WMIOps
➢CrackMapExec
Collection [TA0009]
• Collection consists of techniques adversaries may use to gather information, and the sources that information is collected from, relevant to following through on the adversary's objectives.
Tools:
➢PowerSploit
➢PowerUpSQL
Command and Control [TA0011]
• Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network.
Tools:
➢Cobalt Strike
➢Metasploit
➢SILENTTRINITY
➢Koadic
➢PoshC2
➢Empire
➢Pupy
➢Quasar
➢Covenant
Exfiltration [TA0010]
• Exfiltration consists of techniques that adversaries may use to steal data from your network. Once they have collected data, adversaries often package it to avoid detection while removing it.
Tools:
➢DNScat2
➢CloakifyFactory
➢Powershell-RAT
Impact [TA0040]
• The adversary is trying to manipulate, interrupt, or destroy your systems and data.
Tools:
➢Slowloris
➢LOIC (Low Orbit Ion Cannon)
➢Ransomware
➢Wiper
Q&A