MusicCityCon Keynote Speaker, Peter Kim | Red Team Campaigns
Author of ‘The Hacker Playbook’
All Red Team campaigns are customized to meet your goals and objectives, which may include advanced threat tactics, mass compromise, gaining access to a specific database, targeting specific high-value employees, replicating specific actor sets, and more. Goals and objectives are identified and clearly defined prior to the start of an assessment. Campaigns can be broken down into two major categories:
Assumed Breach Exercises
Assumed Breach exercises are shortened, concentrated versions of Red Team campaigns. They are executed based on the assumption that there are always 0-days, users who click on phishing emails, and vulnerabilities in your external-facing systems. Working together with the client, we prepare a custom agent to deploy on a web server or user machine to “compromise” a system. From there, our testers replicate a goal-based scenario using the company’s initial objectives. Since assumed breach exercises are a joint effort, specific actions can be requested. This can include whitelisting our custom agent from Anti-Virus, insider knowledge of defensive toolsets, and other information that can improve the effectiveness of an assessment.
Black Box Campaign
The most traditional type of Red Team campaign is the Black Box campaign. These assessments span over 6 months and replicate the way an attacker would slowly gain access into a company, using common malware to perform reconnaissance, which then leads to a very targeted compromise to meet the goals of the overall campaign. These campaigns generally try to replicate real, advanced threat tactics and simulate how attackers successfully move through an environment. Black Box campaigns may include physical campaigns as well as electronic.
“To truly understand your security defenses, you need to run real-world scenarios designed to test your defensive capabilities against advanced threats.”
What to Expect in Your Report
- Executive Summary: Brief description of the goals of the campaign and reason for testing.
- Summary of Findings: A high-level view of what was identified. In Red Team reports, while vulnerabilities are identified, additional focus is placed on gaps in the overall Security Program.
- Methodology: Details on how the overall campaign was performed and what tactics were replicated, including specific toolsets used.
- Attack Timeline: A detailed timeline describing exactly what the testers did and where alerts failed or were successful. This detailed timeline is also compared against the Incident Response timeline.
- Detailed Findings: Contains details of all findings, recommendations, best practices, and how to improve your security posture.
CHRONOS SERVICES AVAILABLE
- Threat Modeling
- Secure Code Review
- Penetration Testing
- Red Team Campaigns
For more information and a copy of the slides email: firstname.lastname@example.org
There is no impossible!