跳转到主要内容
网络红队Approach论英雄
Learn more about our methodology and the steps used in our advanced adversary simulations.

Red团队安全's 先进敌方模拟方法

如果安全措施是建更高的围栏, expanding your security testing beyond the physical perimeter, 网络基础设施, 或者,政策审查将有助于确保围栏保持足够高的高度,这样威胁行动者就不会翻越围栏. 高级对手模拟是 层次的接触 designed to examine how organizations’ security tool suites are properly installed, 监控, 和维护. 这种约定推进了典型的 网络笔测试. 当冰球突破豪华版试玩人员识别和利用各种攻击载体中的漏洞时,它会实时检查整个内部安全团队的能力.

目标设定和被动侦察

网络红队(网络红团队) /高级对手模拟(Advanced enemy Simulation)团队的任务是展示美国国家标准协会(National Institute of Standards)所称的一种 威胁代理 without introducing any significant risk to the organization. To accomplish this, a thorough understanding of the target organization is crucial. A 网络红队交战 begins with a knowledge transfer; representatives from the target organization and Red团队安全 will meet to discuss critical assets, 目标行业, 以及商业模式, as well as relevant security incidents and threat events. 先进对手模拟小组将利用这些信息与广泛侦察和情报收集阶段收集的数据相结合,建立先进对手模拟作战计划(AASOP)。. 这个AASOP包括组织可能面临的实际高级持续威胁(apt)的可用能力和战术. 网络红队/高级对手模拟队将在交战期间模拟网络红队收集的情报, which improves an adversary’s strategic position. The AASOP is a deliverable at the end of the engagement. It should provide the organization with insight into the first phases of the attack chain, 哪里没有能见度.

方法和立足点

The first stages of an engagement are always the same, but the next stages depend on the methodology agreed upon by the 网络红团队 and the client.

项目主要有两种类型假设Breach和Blackbox.

创. (ret.)迈克尔·海登, 前国家安全局和中央情报局局长, explained the motivation behind the Assume Breach methodology when he said,

“Fundamentally, if somebody wants to get in, they're getting in... 接受. What we tell clients is Number one, you're in the fight whether you like it or not. Number two, you almost certainly are penetrated.”

Assume Breach means shifting the focus to internal 检测 and response. 当组织将内部访问权限拱手让给网络红队时,强大的外围安全层就被回避了. 实际上,这通常意味着网络红队向该组织植入了恶意软件, which the organization executes on an internal resource to serve as a foothold. 这个立脚点可以是一个工作站,作为一台新计算机提供给新员工,或者是一个DMZ中的web服务器,以模拟威胁到外部系统的对手. 假定Breach方法通常被认为是最物有所值的方法,因为它承认了安全性测试的现实. 时间和金钱都是昂贵的. 网络红队可能需要花费数周时间发送网络钓鱼邮件,并调查该组织在互联网上的存在,以获得一个立足点, 这并不能教会组织任何东西. A real threat agent is not restricted by billable hours.

黑箱订婚

在黑盒的交战中, 高级对手模拟团队没有被放弃任何访问权限,而是被给予全权(在合理范围内)在目标环境中获得一个立足点. 物理访问通常超出范围, though wireless attacks and things like malware on a USB drive are permitted. The benefit of the Blackbox methodology is its realism. 攻击的所有阶段都是模拟的, providing the most comprehensive assessment of the organization’s security posture. 另外, 采用“假定违约”方法, 有竞争力或懒惰的防守者可能知道网络红队的立足点在哪里,并滥用这一知识给自己一个不切实际的优势. This temptation is precluded in a Blackbox engagement.

Either of these methodologies can be employed collaboratively with the defenders, i.e., the blue team, in what is known as a Purple 团队 engagement. 高级对手模拟解释了每一次攻击的每一步在实时蓝队. 这种持续的沟通为蓝队提供了对对手的思维过程无与伦比的理解, 工作流, 和能力. 它还为蓝队提供了一个机会,通过真实对手的即时反馈来评估其安全控制和事件响应流程的有效性. 

The 先进的对手模拟/网络红团队 Loop

网络红队的首要任务是一旦在目标环境中获得立足点,就不能失去代价高昂的访问权限. A variety of persistence mechanisms are employed to maintain the foothold. After that, the objectives identified in the Goal Setting stage come in to play. 内部侦察. 网络红队需要了解他们在目标的位置,以便制定包括在RTOP或交战报告中的攻击计划.

考虑到红队只应该 参与组织 他们拥有相对成熟的安全态势, the actions taken during the engagement must be kept to an absolute minimum. 任何多余的活动都可能被蓝队发现,并危及整个操作. 进攻计划已经就位, 网络红队可以开始采取步骤,升级其存在,并向预定目标移动. 这是流程循环回自身的地方.

When the next step toward the goal is determined, 网络红队将返回到“立足点”阶段,并开始获取下一个级别的访问权限. 当然, 他们不想失去这一进展, so they will use persistence mechanisms to prevent that. 下一个, 他们会通过更多的内部侦察来调整自己的方向,看看是否有什么变化,或者是否有更多的信息可以更新攻击计划. The next steps are decided, and the loop repeats until the objective is achieved.

网络红队参与结果

在订婚的最后, 高级对手模拟/网络红队将花费数周时间占据攻击者的思想,并收集大量数据. This experience and information are processed and refined for the client. 交付内容通常包括:

先进的对手模拟 Operational Plan (AASOP)

高级对手模拟作战计划(AASOP)总结了高级对手模拟/网络红队计划采取的行动和相关事件. The AASOP also includes any information obtained from reconnaissance. 

红色的团队 参与报告

An 参与报告 which includes the Plan of Attack and results, 任何事件, 时间线, the information and thought process which prompted any changes, and a list of the Tactics Techniques and Procedures (TTP's) used during the engagement, which produces the highest resolution Indicators of Compromise (IoC's). 如果适当地应用于监控, 检测, 和预防, these IoC's will make the 网络红团队’s attack path impossible to recreate.

网络红队总结

对从安全测试中获得最大价值感兴趣的组织请高级对手模拟/网络红队模拟现实的威胁代理. This process begins with information transfer and collection. The 网络红团队 needs to know what a real threat agent for the client is. A foothold will be obtained through realistic attacks if it is a BlackBox test, or the foothold will be ceded if they Assume Breach methodology is employed. The 先进的对手模拟/网络红团队 will then loop through efficiently, moving towards the objective; until it is achieved or the engagement period has expired.

最后, 网络红队获得的信息和经验将被提炼成可操作和实用的格式供客户使用.

免费咨询A 网络红团队 专家

保护您的组织不受坏人的影响. 让冰球突破试玩帮助您改善您的安全姿态识别安全待遇与冰球突破豪华版试玩 网络红队交战. 打电话给冰球突破豪华版试玩, (612) 234-7848 or 冰球突破豪华版试玩 for a free consultation with a cybersecurity expert today.

¹高级对手模拟(先进的对手模拟)是网络红队交战(Cyber Red团队 Engagement)的冰球突破试玩服务名称. These terms are used interchangeably within this document.

得到一个定制的提案

使用冰球突破豪华版试玩的范围调查问卷,为冰球突破豪华版试玩提供必要的信息,为您提供一份提案. Please be as thorough as possible with your responses, as it helps us ensure an accurate and complete proposal.
If you're interested in application penetration testing, you may find this article helpful when formulating your responses: Understanding Application Complexity For 冰球突破豪华版试玩.

如果您有任何问题,请冰球突破豪华版试玩 (952) 836-2770 or 安排一个会议. We will follow up promptly once we receive your responses. 冰球突破豪华版试玩期待很快与您交谈.

Having trouble viewing the Scoping Questionnaire? Check to see if an ad-blocker is keeping the page from loading properly.

专用客户端门户

在冰球突破豪华版试玩用户友好的客户端门户上与您的Red团队安全专业人员实时交互,并亲眼看到团队接近您的公司数据.

认证的安全专家

冰球突破豪华版试玩值得信赖的安全专业人士持有来自领先行业组织的认证, 包括OSCP, 卡斯商学院, CPT, CISSP,更.

的方法之一

冰球突破豪华版试玩拥有行业领先的认证,每天都花部分时间研究最新的开发技术,以确保冰球突破豪华版试玩的客户免受不断演变的在线攻击.

免费修复测试

Once your team addresses remediation recommendations, Red团队 will schedule your retest at no additional charge.
友情链接: 1 2 3 4 5 6 7 8 9 10