Red Team P1 (Adversary Emulation)
Sindad Secure Communication Engineering Company
sindadsec.ir
Whoami
Soheil Hashemi
M.Sc. Computer Networks
Penetration Testing | Red Teaming | Purple Teaming
Security Course Instructor
Agenda
• What’s Red Team
• APT / APT Group
• Ransomware Gangs Vs APT Groups
• Red Team Methodologies
• Red Team vs Penetration Testing
• Red Team Infrastructure
• Adversary Emulation platforms
• Red Team Tools
• Consequence of Data Breach
• Defeat APT attacks
What’s Red Team (Adversary Emulation)
• The process of emulating APT attacks
• Invented in the 19th century by the German army
• Used by the DoD during the Cold War (1960)
APT Attacks
Advanced Persistent Threat
• Advanced = a specific goal
• Persistent = weeks, months, years (APT29 / Nobelium, SolarWinds)
• Threat = espionage, sabotage
APT Groups: Attribution
• https://attack.mitre.org/groups/
• https://www.mandiant.com/resources/insights/apt-groups
• Attribution models, e.g. the Diamond Model
• The United States, China, North Korea, Europe, Russia and Iran have cyber armies that carry out cyber attacks on other countries for governmental purposes, so some APT groups have been attributed to these countries.
• APTs target the military for confidential documents, hospitals for health information, science and technology companies to steal documents, etc.
APT Groups: Attribution or Delegation
Ransomware Gangs vs APT Groups
APT Groups
Each APT group has its own targets and goals; for example, APT29, active since 2008, is attributed to the SVR and targets the USA, Germany, Uzbekistan and South Korea.
Some APT groups have their own exploits for initial access.
They use custom techniques for each step, such as privilege escalation, backdoors, etc.
Ransomware Gangs
The goal of ransomware gangs and other cyber-criminal groups is simply money, from stealing data, encrypting data or DDoSing a business.
Most of them use public exploits for initial access and C2.
Hacktivists
Hacktivist groups like Anonymous aim to leak information and deny service to governments.
Red Team Methodologies
• Methodologies (MITRE ATT&CK, Cyber Kill Chain)
Methodology for Red Teaming: MITRE ATT&CK
https://attack.mitre.org/
Tactics: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact
Methodology for Red Teaming: The Cyber Kill Chain
https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
Penetration Testing vs Red Teaming
• Offensive security: penetration testing, red teaming, bug bounty hunting
• Penetration testing: defined scope; black, white or gray box; social engineering not allowed
• Red teaming: the whole business is in scope; black box; social engineering allowed; any kind of offensive technique allowed; physical initial access
Red Team Infrastructure
• Resource development (domain, mail server, SMTP relay, C2 server, forwarder)
• Infrastructure built with Terraform (IaC) on AWS, Azure, ...
• Weaponized CVEs
• Keeping payloads FUD (fully undetectable)
• Social media accounts and one-time SIM cards for OSINT
Attack Emulation vs Attack Simulation
Adversary Emulation Plans (AEPs) are a way to model adversary behaviour based on a particular set of TTPs from MITRE ATT&CK.
A red team can use AEPs to develop an attack simulation and execute it against the enterprise security infrastructure to identify and tune gaps in defense before the actual adversary strikes.
Adversary Emulation Platforms
Open Source
• Caldera (MITRE ATT&CK): https://github.com/mitre/caldera
• Atomic Red Team (Red Canary): https://github.com/redcanaryco/atomic-red-team
• Hunters Forge’s Mordor
• Metta: https://github.com/uber-common/metta
• APTSimulator: https://github.com/NextronSystems/APTSimulator
• Red Team Automation (RTA) (MITRE ATT&CK): https://github.com/endgameinc/RTA
• Infection Monkey: https://github.com/guardicore/monkey
• AutoTTP: https://github.com/jymcheong/AutoTTP
• RedHunt OS (red team tools)
Adversary Emulation Platforms
Commercial
• Cobalt Strike
• Brute Ratel
• AttackIQ FireDrill
• Cymulate
Red Team Tools
• Meterpreter vs Cobalt Strike Beacon detection rate
• HTTP / HTTPS / TCP / UDP detection rate
• Macros
• C2:
  - Cobalt Strike
  - Brute Ratel
  - Covenant
  - Metasploit
  - Merlin
  - Mythic
  - PoshC2
  - Empire
Cost of a Data Breach Report 2022 (IBM Security)
• 4.35 million USD: average total cost of a data breach
• 4.82 million USD: average cost of a critical infrastructure data breach
• 4.54 million USD: average cost of a ransomware attack, not including the cost of the ransom itself
• 1 million USD: average difference in cost where remote work was a factor in causing the breach versus when it wasn’t a factor
• 2.66 million USD: average cost savings associated with an incident response (IR) team and a regularly tested IR plan
• 4.35 million USD: global average total cost of a data breach
• 4.91 million USD: average cost of a data breach with a phishing initial attack vector
• 5.57 million USD: average cost of a breach for organizations with high levels of compliance failures
Defeat APT Attacks
• First step: know your enemies (APT groups, ransomware gangs) = CTI
• Practise continuously to evaluate your level of preparedness against the threats; after extracting the TTPs, assign their emulation to the red team = purple teaming
• Security in depth requires proper network design; you should know how to put security equipment in the right place = security is a process, not a product.
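Once the red team has executed an AEP and the blue team has recorded, step by step, what it prevented, detected, only logged or missed, the purple-team debrief needs a score. The following is an added example, not code from the slides: it orders the executed steps by the ATT&CK tactic sequence listed above, scores coverage per tactic, lists the gaps to tune, and reports how far down the chain the emulated adversary got before the first alert. The plan format, the outcome labels and the sample plan are constructed for this example; the technique IDs are real ATT&CK identifiers, but the plan is not any real group's TTP set.

```python
"""Purple-team scoring of an executed Adversary Emulation Plan (AEP).
Added example, not from the slides; plan format, outcome labels and sample data are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# ATT&CK Enterprise tactics in the kill-chain order the slides list them.
TACTICS = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion",
    "Credential Access", "Discovery", "Lateral Movement", "Collection",
    "Command and Control", "Exfiltration", "Impact",
]
TACTIC_INDEX = {name: i for i, name in enumerate(TACTICS)}

# Blue-team outcome per emulated step; "logged" = telemetry exists but no alert fired.
OUTCOME_SCORE = {"prevented": 1.0, "detected": 1.0, "logged": 0.5, "missed": 0.0}
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")  # real ATT&CK IDs look like T1059 or T1059.001


@dataclass(frozen=True)
class Step:
    tactic: str
    technique_id: str
    technique: str
    outcome: str


def parse_plan(lines: List[str]) -> List[Step]:
    """Parse 'tactic | technique id | technique | outcome' lines into kill-chain order.
    Malformed lines raise ValueError instead of silently skewing the score."""
    steps = []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 4:
            raise ValueError(f"line {n}: expected 4 fields, got {len(parts)}")
        tactic, tid, name, outcome = parts
        if tactic not in TACTIC_INDEX or not TECHNIQUE_ID.match(tid) or outcome not in OUTCOME_SCORE:
            raise ValueError(f"line {n}: unknown tactic, technique id or outcome in {line!r}")
        steps.append(Step(tactic, tid, name, outcome))
    return sorted(steps, key=lambda s: TACTIC_INDEX[s.tactic])  # stable: file order within a tactic


def coverage_by_tactic(steps: List[Step]) -> Dict[str, float]:
    """Mean outcome score per tactic; 1.0 means every emulated step there raised an alert."""
    scores: Dict[str, List[float]] = {}
    for s in steps:
        scores.setdefault(s.tactic, []).append(OUTCOME_SCORE[s.outcome])
    return {t: round(sum(v) / len(v), 2) for t, v in scores.items()}


def gaps(steps: List[Step]) -> List[Step]:
    """Steps that raised no alert, in kill-chain order, worst outcome first within a tactic."""
    return sorted(
        (s for s in steps if OUTCOME_SCORE[s.outcome] < 1.0),
        key=lambda s: (TACTIC_INDEX[s.tactic], OUTCOME_SCORE[s.outcome]),
    )


def first_alert_tactic(steps: List[Step]) -> Optional[str]:
    """Earliest tactic where the emulation was prevented or detected: everything before it
    is the stretch of the chain a real adversary would traverse silently (None = never)."""
    for s in steps:  # already in kill-chain order
        if OUTCOME_SCORE[s.outcome] == 1.0:
            return s.tactic
    return None


# Constructed sample plan and outcomes, not a real engagement or a real group's TTPs.
SAMPLE_PLAN = """
# tactic | technique id | technique | blue-team outcome
Reconnaissance       | T1595     | Active Scanning              | logged
Resource Development | T1583     | Acquire Infrastructure       | missed
Initial Access       | T1566.001 | Spearphishing Attachment     | detected
Execution            | T1059.001 | PowerShell                   | detected
Execution            | T1204.002 | Malicious File               | missed
Persistence          | T1053.005 | Scheduled Task               | missed
Privilege Escalation | T1548.002 | Bypass User Account Control  | logged
Defense Evasion      | T1562.001 | Disable or Modify Tools      | missed
Credential Access    | T1003.001 | LSASS Memory                 | prevented
Discovery            | T1082     | System Information Discovery | missed
Lateral Movement     | T1021.002 | SMB/Windows Admin Shares     | detected
Collection           | T1560.001 | Archive via Utility          | missed
Command and Control  | T1071.001 | Web Protocols                | logged
Exfiltration         | T1041     | Exfiltration Over C2 Channel | missed
Impact               | T1486     | Data Encrypted for Impact    | prevented
""".strip().splitlines()

if __name__ == "__main__":
    plan = parse_plan(SAMPLE_PLAN)
    print("first alert at:", first_alert_tactic(plan) or "never")
    for tactic, score in coverage_by_tactic(plan).items():
        print(f"{tactic:<21} coverage {score:.2f}")
    for g in gaps(plan):
        print(f"gap: {g.technique_id:<10} {g.technique:<29} {g.outcome}")
```

The ordered gap list is the red team's next emulation round and the blue team's tuning backlog; re-running the plan after each tuning pass turns the slides' "continuous practice" into a measurable trend.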
Red Team P1.pdf

More Related Content

What's hot

Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation PlansEvolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation PlansChristopher Korban
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM AlienVault
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk OverviewSplunk
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdfMAHESHUMANATHGOPALAK
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingCrowdStrike
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Understanding Application Threat Modelling & Architecture
 Understanding Application Threat Modelling & Architecture Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & ArchitecturePriyanka Aash
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEMJohn Hubbard
 
MITRE ATT&CKcon 2.0: ATT&CK Updates - PRE-ATT&CK Integration; Adam Pennington...
MITRE ATT&CKcon 2.0: ATT&CK Updates - PRE-ATT&CK Integration; Adam Pennington...MITRE ATT&CKcon 2.0: ATT&CK Updates - PRE-ATT&CK Integration; Adam Pennington...
MITRE ATT&CKcon 2.0: ATT&CK Updates - PRE-ATT&CK Integration; Adam Pennington...MITRE - ATT&CKcon
 
MITRE AttACK framework it is time you took notice_v1.0
MITRE AttACK framework it is time you took notice_v1.0MITRE AttACK framework it is time you took notice_v1.0
MITRE AttACK framework it is time you took notice_v1.0Michael Gough
 
Whitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security IntelligenceWhitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security IntelligenceCamilo Fandiño Gómez
 
Learn how to use an Analytics-Driven SIEM for your Security Operations
Learn how to use an Analytics-Driven SIEM for your Security OperationsLearn how to use an Analytics-Driven SIEM for your Security Operations
Learn how to use an Analytics-Driven SIEM for your Security OperationsSplunk
 
Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hackingVikram Khanna
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber  Security Operation Center: du Case  StudyWhat We’ve Learned Building a Cyber  Security Operation Center: du Case  Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyPriyanka Aash
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 

What's hot (20)

Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation PlansEvolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
Evolution of Offensive Testing - ATT&CK-based Adversary Emulation Plans
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk Overview
 
100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf100 Security Operation Center Tools.pdf
100 Security Operation Center Tools.pdf
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
Understanding Application Threat Modelling & Architecture
 Understanding Application Threat Modelling & Architecture Understanding Application Threat Modelling & Architecture
Understanding Application Threat Modelling & Architecture
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEM
 
Red team Engagement
Red team EngagementRed team Engagement
Red team Engagement
 
MITRE ATT&CKcon 2.0: ATT&CK Updates - PRE-ATT&CK Integration; Adam Pennington...
MITRE ATT&CKcon 2.0: ATT&CK Updates - PRE-ATT&CK Integration; Adam Pennington...MITRE ATT&CKcon 2.0: ATT&CK Updates - PRE-ATT&CK Integration; Adam Pennington...
MITRE ATT&CKcon 2.0: ATT&CK Updates - PRE-ATT&CK Integration; Adam Pennington...
 
MITRE AttACK framework it is time you took notice_v1.0
MITRE AttACK framework it is time you took notice_v1.0MITRE AttACK framework it is time you took notice_v1.0
MITRE AttACK framework it is time you took notice_v1.0
 
Whitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security IntelligenceWhitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security Intelligence
 
Learn how to use an Analytics-Driven SIEM for your Security Operations
Learn how to use an Analytics-Driven SIEM for your Security OperationsLearn how to use an Analytics-Driven SIEM for your Security Operations
Learn how to use an Analytics-Driven SIEM for your Security Operations
 
Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hacking
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber  Security Operation Center: du Case  StudyWhat We’ve Learned Building a Cyber  Security Operation Center: du Case  Study
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 

Similar to Red Team P1.pdf

[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defenceOWASP EEE
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of CompromiseFireEye, Inc.
 
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team EngagementUsing IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team EngagementJoe Vest
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopDigit Oktavianto
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfssuser4237d4
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfssuser4237d4
 
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Andreas Sfakianakis
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERAErik Van Buggenhout
 
Red Team vs. Blue Team
Red Team vs. Blue TeamRed Team vs. Blue Team
Red Team vs. Blue TeamEC-Council
 
Taking the Attacker Eviction Red Pill [updated]
Taking the Attacker Eviction Red Pill [updated]Taking the Attacker Eviction Red Pill [updated]
Taking the Attacker Eviction Red Pill [updated]Frode Hommedal
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKKatie Nickels
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERAErik Van Buggenhout
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscapeyohansurya2
 
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)FFRI, Inc.
 
Security testing fundamentals - must need basics to learn Penetration Testing
Security testing fundamentals - must need basics to learn Penetration TestingSecurity testing fundamentals - must need basics to learn Penetration Testing
Security testing fundamentals - must need basics to learn Penetration TestingHaribabu Nandyal Padmanaban
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
SEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill ChainSEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill ChainErik Van Buggenhout
 
RED-TEAM_Conclave
RED-TEAM_ConclaveRED-TEAM_Conclave
RED-TEAM_ConclaveNSConclave
 

Similar to Red Team P1.pdf (20)

[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence
 
Red Team P2.pdf
Red Team P2.pdfRed Team P2.pdf
Red Team P2.pdf
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of Compromise
 
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team EngagementUsing IOCs to Design and Control Threat Activities During a Red Team Engagement
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
SecurityOperations
SecurityOperationsSecurityOperations
SecurityOperations
 
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERA
 
Red Team vs. Blue Team
Red Team vs. Blue TeamRed Team vs. Blue Team
Red Team vs. Blue Team
 
Taking the Attacker Eviction Red Pill [updated]
Taking the Attacker Eviction Red Pill [updated]Taking the Attacker Eviction Red Pill [updated]
Taking the Attacker Eviction Red Pill [updated]
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CK
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERA
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscape
 
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
 
Security testing fundamentals - must need basics to learn Penetration Testing
Security testing fundamentals - must need basics to learn Penetration TestingSecurity testing fundamentals - must need basics to learn Penetration Testing
Security testing fundamentals - must need basics to learn Penetration Testing
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
SEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill ChainSEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill Chain
 
RED-TEAM_Conclave
RED-TEAM_ConclaveRED-TEAM_Conclave
RED-TEAM_Conclave
 

Recently uploaded

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 

Recently uploaded (20)

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 

Red Team P1.pdf

  • 1. Red Team P1 )Adversary Emulation( ‫سینداد‬ ‫ارتباط‬ ‫امن‬ ‫مهندسی‬ ‫شرکت‬ s i n d a d s e c . i r
  • 2. Whoami Soheil Hashemi Ms.c Network Computers Penetration Testing | Red Teaming | Purple Teaming Security Course Instructor 1 sindadsec.ir
  • 3. Agenda
    • What's Red Team
    • APT / APT Groups
    • Ransomware Gangs vs APT Groups
    • Red Team Methodologies
    • Red Team vs Penetration Testing
    • Red Team Infrastructure
    • Adversary Emulation Platforms
    • Red Team Tools
    • Consequences of a Data Breach
    • Defeating APT Attacks
  • 4. What's Red Team (Adversary Emulation)
    • The process of emulating APT attacks against your own organisation
    • The concept goes back to 19th-century German (Prussian) army war games
    • Used by the US DoD during the Cold War (1960s)
  • 5. APT Attacks: Advanced Persistent Threat
    • Advanced = a capable, well-resourced actor with a specific goal
    • Persistent = dwell time of weeks, months or years (e.g. APT29 / Nobelium and the SolarWinds supply-chain compromise)
    • Threat = espionage, sabotage
  • 6. APT Groups: Attribution
    • https://attack.mitre.org/groups/
    • https://www.mandiant.com/resources/insights/apt-groups
    • Attribution models, e.g. the Diamond Model of intrusion analysis
    • The United States, China, North Korea, Russia, Iran and several European states have cyber forces that attack other countries for state purposes, so some APT groups have been attributed to those governments.
    • APTs target militaries for classified documents, hospitals for health records, and science and technology companies to steal research documents and intellectual property.
  • 7. APT Groups: Attribution or Delegation
  • 10. APT Groups vs Ransomware Gangs vs Hacktivists
    • APT Groups: each group has its own targets and goals. For example APT29, active since 2008 and attributed to the SVR, targets the USA, Germany, Uzbekistan and South Korea. Some APT groups have their own private exploits for initial access, and they use custom tooling for each step (privilege escalation, backdoors, etc.).
    • Ransomware Gangs: ransomware gangs and other cyber-criminal groups want only money, obtained by stealing data, encrypting data or DDoSing a business. Most of them use public exploits for initial access and public C2 frameworks.
    • Hacktivists: groups like Anonymous aim to leak information and deny service to governments.
  • 11. Red Team Methodologies
    • Methodologies: MITRE ATT&CK, Lockheed Martin Cyber Kill Chain
  • 12. Methodology for Red Teaming? MITRE ATT&CK (https://attack.mitre.org/)
    • Enterprise tactics: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact
  • 13. Methodology for Red Teaming? The Cyber Kill Chain (https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html)
    • Seven phases: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objectives
  • 14. Penetration Testing vs Red Teaming
    • Offensive security covers penetration testing, red teaming and bug bounty hunting
    • Penetration testing: an agreed scope; black-, white- or gray-box; social engineering not allowed
    • Red teaming: the whole business is in scope; black box; social engineering allowed; any offensive technique allowed, including physical initial access
  • 15. Red Team Infrastructure
    • Resource Development: domain, mail server, SMTP relay, C2 server, and a redirector (forwarder) in front of it
    • Build the infrastructure as code with Terraform on AWS, Azure, ...
    • Weaponize CVEs
    • Keep payloads FUD (fully undetectable by the target's AV/EDR)
    • Social media accounts and one-time SIM cards for OSINT
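A worked example of the redirector (forwarder) from the list above, added here and not part of the original slides or of any C2 product: the routing decision a redirector makes in front of the C2 server, so that only traffic matching the implant's HTTP profile reaches the team server and everything else lands on a decoy. The user agent, URIs, team server address, decoy site and blocked range are assumed values chosen for the example.

```python
"""Redirector (forwarder) routing for red team infrastructure.

Added example; this is not code from the original slides or from any C2
product. A redirector sits in front of the C2 server and forwards only the
traffic that matches the implant's HTTP profile; everything else (scanners,
sandboxes, curious analysts) is sent to a harmless decoy site, so the team
server itself is never exposed. All profile values (user agent, URIs, team
server and decoy addresses, blocked ranges) are constructed assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

# Assumed HTTP profile of the implant (mirrors what the C2's malleable
# profile would define). On a real redirector the same checks are usually
# written as Apache mod_rewrite or nginx rules.
C2_USER_AGENT = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
C2_GET_URIS = {"/api/v1/updates", "/static/js/app.js"}
C2_POST_URIS = {"/api/v1/submit"}
TEAM_SERVER = "http://10.0.0.5:8080"      # assumed; reachable only from the redirector
DECOY = "https://www.example.com/"       # assumed harmless site

# Constructed: source ranges we never forward (e.g. known sandbox egress).
BLOCKED_NETS = [ipaddress.ip_network("198.51.100.0/24")]


@dataclass(frozen=True)
class Request:
    method: str
    path: str                # request target, may carry a query string
    headers: Dict[str, str]
    src_ip: str


@dataclass(frozen=True)
class Decision:
    target: str              # where the request is proxied or redirected to
    reason: str


def _header(req: Request, name: str) -> Optional[str]:
    """Case-insensitive header lookup."""
    for key, value in req.headers.items():
        if key.lower() == name.lower():
            return value
    return None


def route(req: Request) -> Decision:
    """Decide whether a request is proxied to the team server or bounced to the decoy.

    Order matters: cheap deny-list checks first, then the exact profile match.
    Anything that does not match goes to the decoy, never to the C2.
    """
    src = ipaddress.ip_address(req.src_ip)
    if any(src in net for net in BLOCKED_NETS):
        return Decision(DECOY, "blocked source range")

    if _header(req, "User-Agent") != C2_USER_AGENT:
        return Decision(DECOY, "user agent does not match profile")

    path = req.path.split("?", 1)[0]        # compare the path without the query string
    if req.method == "GET" and path in C2_GET_URIS:
        return Decision(TEAM_SERVER + req.path, "profile GET")
    if req.method == "POST" and path in C2_POST_URIS:
        return Decision(TEAM_SERVER + req.path, "profile POST")
    return Decision(DECOY, "method/uri not in profile")


if __name__ == "__main__":
    # Constructed sample traffic: one implant check-in and one scanner probe.
    samples = [
        Request("GET", "/api/v1/updates?id=7", {"User-Agent": C2_USER_AGENT}, "203.0.113.10"),
        Request("GET", "/api/v1/updates", {"User-Agent": "curl/8.4.0"}, "203.0.113.10"),
    ]
    for s in samples:
        d = route(s)
        print(f"{s.method} {s.path} from {s.src_ip} -> {d.target} ({d.reason})")
```

The point of the exact-match rules is that a scanner hitting the redirector with a default user agent, or an analyst replaying a captured URI with curl, sees only the decoy and learns nothing about the team server; the deny-list comes first so that a known sandbox never even gets a profile comparison.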
  • 16. Attack Emulation vs Attack Simulation
    • Adversary Emulation Plans (AEPs) model an adversary's behaviour from a particular set of TTPs in MITRE ATT&CK. The red team uses an AEP to build an attack simulation and execute it against the enterprise security infrastructure, to identify and close gaps in the defences before the real adversary strikes.
  • 17. Adversary Emulation Platforms: Open Source
    • Caldera (MITRE ATT&CK): https://github.com/mitre/caldera
    • Atomic Red Team (Red Canary): https://github.com/redcanaryco/atomic-red-team
    • Mordor (Hunters Forge)
    • Metta: https://github.com/uber-common/metta
    • APTSimulator: https://github.com/NextronSystems/APTSimulator
    • Red Team Automation (RTA), mapped to MITRE ATT&CK: https://github.com/endgameinc/RTA
    • Infection Monkey: https://github.com/guardicore/monkey
    • AutoTTP: https://github.com/jymcheong/AutoTTP
    • RedHunt OS
  • 18. Adversary Emulation Platforms: Commercial
    • Cobalt Strike
    • Brute Ratel
    • AttackIQ FireDrill
    • Cymulate
  • 19. Red Team Tools
    • Meterpreter vs Cobalt Strike Beacon: compare their detection rates
    • Detection rate per transport: HTTP / HTTPS / TCP / UDP
    • Macro-based payloads
    • C2 frameworks: Cobalt Strike, Brute Ratel, Covenant, Metasploit, Merlin, Mythic, PoshC2, Empire
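To make the "detection rate" comparison concrete from the defender's side, here is an added example (not code from the slides or from any of the C2 frameworks listed) that scores web-proxy traffic for beacon-like timing, the property an HTTP/HTTPS implant shows whether it is Meterpreter or Beacon: one client polling one host at a near-constant sleep interval with small jitter. The log format, hosts, timestamps and thresholds are constructed for the example.

```python
"""Beacon-interval detection over web proxy logs.

Added example; not code from the original slides or from any of the listed
C2 frameworks. Whatever the implant, an HTTP C2 channel usually has the same
shape in proxy logs: one client requesting one host at a near-constant sleep
interval with small jitter, for a long time. This script scores (client, host)
pairs on how regular their request timing is. Log format, hosts, timestamps
and thresholds are constructed for the example.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List
from urllib.parse import urlsplit

# Constructed proxy log format: "<date> <time> <client ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<src>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$"
)


def parse_log(lines: List[str]) -> Dict[tuple, List[datetime]]:
    """Group request timestamps by (client, destination host)."""
    series: Dict[tuple, List[datetime]] = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                       # skip malformed lines rather than fail
        host = urlsplit(m["url"]).hostname
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        series[(m["src"], host)].append(ts)
    return series


def interval_stats(times: List[datetime]) -> dict:
    """Median inter-request gap and its coefficient of variation (stdev / mean)."""
    times = sorted(times)
    deltas = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(deltas) < 2:
        return {"count": len(times), "median_interval": None, "cv": None}
    mean = statistics.mean(deltas)
    cv = statistics.pstdev(deltas) / mean if mean > 0 else None
    return {"count": len(times), "median_interval": statistics.median(deltas), "cv": cv}


def find_beacons(lines: List[str], min_count: int = 10, max_cv: float = 0.25) -> List[dict]:
    """Return (client, host) pairs whose timing looks like a sleeping implant.

    min_count: enough check-ins for regularity to mean anything.
    max_cv:    jitter tolerance; 0.25 still accepts roughly +/-40% uniform jitter
               but rejects human browsing, whose gaps vary by orders of magnitude.
    """
    hits = []
    for (src, host), times in parse_log(lines).items():
        st = interval_stats(times)
        if st["count"] >= min_count and st["cv"] is not None and st["cv"] <= max_cv:
            hits.append({"src": src, "host": host, **st})
    return sorted(hits, key=lambda h: h["cv"])


def _requests(start: datetime, src: str, host: str, path: str, gaps: List[int]) -> List[str]:
    """Constructed log lines: one request at `start`, then one after each gap (seconds)."""
    t, lines = start, []
    for gap in [0] + gaps:
        t += timedelta(seconds=gap)
        lines.append(f"{t:%Y-%m-%d %H:%M:%S} {src} GET http://{host}{path} 200")
    return lines


# Implant: 60 s sleep with about 10% jitter (19 gaps whose mean is exactly 60 s).
BEACON_GAPS = [54, 66, 58, 62, 60, 57, 63, 59, 61, 55, 65, 60, 56, 64, 58, 62, 60, 59, 61]
# Human browsing and a feed reader on the same client: bursty, irregular gaps.
BROWSING_GAPS = [2, 40, 300, 5, 900, 12, 7]
FEED_GAPS = [1, 1, 2, 120, 3, 1, 600, 2, 1, 1, 45]

START = datetime(2024, 4, 1, 9, 0, 0)
SAMPLE_LOG = (
    _requests(START, "10.1.2.3", "cdn-updates.example.net", "/api/v1/updates", BEACON_GAPS)
    + _requests(START + timedelta(seconds=7), "10.1.2.3", "www.example.com", "/", BROWSING_GAPS)
    + _requests(START + timedelta(seconds=30), "10.1.2.3", "news.example.org", "/feed", FEED_GAPS)
)

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"{hit['src']} -> {hit['host']}: {hit['count']} requests, "
              f"median {hit['median_interval']:.0f}s, cv {hit['cv']:.2f}")
```

Only the implant pair is flagged: 20 requests, median gap 60 s, coefficient of variation about 0.05. The caveat is that both C2s let the operator raise the jitter and the sleep; a 50% jitter or an hours-long sleep pushes the coefficient above this threshold or starves the count, which is why the detection rate on this slide depends more on how the implant is configured than on which product it is.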
  • 20. Cost of a Data Breach Report 2022 (IBM Security)
    • 4.35 million USD: global average total cost of a data breach
    • 4.82 million USD: average cost of a critical infrastructure data breach
    • 4.54 million USD: average cost of a ransomware attack, not including the ransom itself
    • 1 million USD: average extra cost where remote work was a factor in causing the breach
    • 2.66 million USD: average cost saving associated with an incident response (IR) team and a regularly tested IR plan
    • 4.91 million USD: average cost of a breach with a phishing initial attack vector
    • 5.57 million USD: average cost of a breach for organisations with high levels of compliance failures
  • 21. Defeat APT Attacks
    • First, know your enemies (APT groups, ransomware gangs): cyber threat intelligence (CTI)
    • Practise continuously to evaluate your level of preparedness against those threats: after extracting the adversary's TTPs, assign their emulation to the red team and measure what the blue team sees (purple teaming)
    • Defence in depth requires proper network design and security equipment placed where it actually matters: security is a process, not a product
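The adversary emulation plan from slide 16 and the purple-teaming loop on this slide share the same bookkeeping, so one added example covers both (it is not code from the slides, MITRE Caldera or Atomic Red Team): an emulation plan as a list of ATT&CK techniques with the procedure the red team runs, the blue team's detections keyed by the same technique IDs, and a report of which tactics went unseen. The technique IDs and tactic names are real ATT&CK identifiers; the plan, rule names and observed results are constructed.

```python
"""Purple-team coverage check: adversary emulation plan vs. detections.

Added example; not code from the original slides, MITRE Caldera or Atomic Red
Team. It implements the bookkeeping behind "extract the adversary's TTPs, have
the red team emulate them, see what the blue team catches": the plan is a list
of ATT&CK techniques with the procedure the red team runs, detections are keyed
by the same technique IDs, and the report says which tactics the defenders
cannot see. Technique IDs and tactic names are real ATT&CK identifiers; the
plan, rule names and observed results are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Step:
    technique: str      # ATT&CK technique ID, e.g. T1059.001
    tactic: str         # ATT&CK tactic
    name: str           # technique name
    procedure: str      # what the red team will actually do (constructed)


# Constructed plan, following the tactic order the slides list for ATT&CK.
PLAN: List[Step] = [
    Step("T1566.001", "initial-access", "Spearphishing Attachment", "send macro document to five users"),
    Step("T1059.001", "execution", "PowerShell", "stager launched from the macro"),
    Step("T1053.005", "persistence", "Scheduled Task", "daily task that re-launches the stager"),
    Step("T1003.001", "credential-access", "LSASS Memory", "dump LSASS with a signed system binary"),
    Step("T1021.002", "lateral-movement", "SMB/Windows Admin Shares", "copy payload to ADMIN$ and run it"),
    Step("T1071.001", "command-and-control", "Web Protocols", "HTTPS beacon, 60 s sleep"),
    Step("T1041", "exfiltration", "Exfiltration Over C2 Channel", "upload archive through the beacon"),
]

# Constructed detection inventory: technique ID -> rules the SOC has deployed.
DETECTIONS: Dict[str, List[str]] = {
    "T1059.001": ["sigma: encoded PowerShell command line"],
    "T1003.001": ["edr: LSASS handle opened by non-system process"],
    "T1071.001": ["proxy: periodic beaconing to single host"],
}

# Constructed exercise results recorded by the purple team: did a rule fire?
OBSERVED: Dict[str, bool] = {"T1059.001": True, "T1003.001": False, "T1071.001": True}

DETECTED, NOT_FIRED, NO_RULE = "detected", "rule-present-not-fired", "no-detection"


def coverage_report(plan: List[Step], detections: Dict[str, List[str]],
                    observed: Dict[str, bool]) -> List[dict]:
    """One row per plan step with its detection status."""
    rows = []
    for step in plan:
        rules = detections.get(step.technique, [])
        if not rules:
            status = NO_RULE
        elif observed.get(step.technique, False):
            status = DETECTED
        else:
            status = NOT_FIRED
        rows.append({"technique": step.technique, "tactic": step.tactic,
                     "name": step.name, "rules": rules, "status": status})
    return rows


def summary(report: List[dict]) -> Dict[str, int]:
    counts = {DETECTED: 0, NOT_FIRED: 0, NO_RULE: 0}
    for row in report:
        counts[row["status"]] += 1
    return counts


def tactic_gaps(report: List[dict]) -> List[str]:
    """Tactics in which at least one emulated step went unseen."""
    return sorted({row["tactic"] for row in report if row["status"] != DETECTED})


def next_actions(report: List[dict]) -> List[str]:
    """Follow-ups for the next purple-team round: tune rules that exist but did
    not fire first (cheap), then build detections for techniques with no rule."""
    actions = [f"tune {r['rules'][0]} for {r['technique']}" for r in report if r["status"] == NOT_FIRED]
    actions += [f"build detection for {r['technique']} ({r['name']})" for r in report if r["status"] == NO_RULE]
    return actions


if __name__ == "__main__":
    report = coverage_report(PLAN, DETECTIONS, OBSERVED)
    for row in report:
        print(f"{row['technique']:<10} {row['tactic']:<20} {row['status']}")
    print("summary:", summary(report))
    print("tactic gaps:", ", ".join(tactic_gaps(report)))
    for action in next_actions(report):
        print(" -", action)
```

Splitting "rule present but did not fire" from "no rule at all" is the useful part: the first is a tuning problem the blue team can fix before the next round, the second is a coverage gap that needs a new detection or a new log source, and the tactic list tells you which slides of the kill chain you are currently blind to.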