Every red team operation is conducted using globally accepted and industry-standard frameworks, which together make up our red teaming methodology. At a minimum, the underlying framework is based on NATO CCDCOE, OWASP, PTES, and the U.S. Army Red Team Handbook v7, but it goes beyond the original frameworks themselves.
While a red team engagement is an offensive attack simulation typically conducted by a third-party organization, it is sometimes juxtaposed with a defensive team (the blue team) responsible for defending against red teamers and actual threat actors alike. Sometimes, when both teams are working on an engagement together, it may be called purple teaming.
The first step in a Red Team operation is to establish the rules of engagement with the client to lay out the target and the types of physical, social engineering, and cyber attacks that are permitted. This process identifies all goals for the security team to achieve, whether that is to obtain physical access to the server room or to gain access to HR's sensitive data. Once the goals are established, the Red Team will begin the engagement.
The first phase in a red team operation is focused on collecting as much information as possible about the target. Reconnaissance, aka Information Gathering, is one of the most critical steps. This is achieved using public tools and sources such as Maltego, LinkedIn, Google, Twitter, Facebook, Google Earth, etc. As a result, it is usually possible to learn a great deal about the target's people, technology, surroundings, and environment. This step also involves building or acquiring specific tools for the red team test.
An important phase in a red team operation focuses on collecting information about IT infrastructure, facilities, and employees. Open Source Intelligence Gathering can be quite telling about a target, its people, its facilities, its response capabilities, and its technology makeup, such as physical/logical security controls, foot traffic, terrain, ingress and egress points, etc. Through comprehensive analysis, it begins to paint a picture of the target and its primary operations, as well as the threats that exist.
Effective attack planning and pretexting involve preparation of the operation specific to the target, taking into full account the intel gathered from the reconnaissance stages. This typically includes: threat modeling, developing an initial attack plan, identifying pretexts, listing possible alternative plans, customizing malicious file payloads, preparing RFID cloners and badges, configuring hardware trojans, acquiring social engineering attire, establishing fake personas/companies, determining whether command and control is in scope, and more.
Exploitation is just what it sounds like. At this point, the red team will actively work to achieve the designated goal to "break in" or compromise servers/apps/networks, bypass physical controls (i.e., gates, fences, locks, radar, motion detection, cameras), and exploit target staff through social engineering, whether face-to-face, by phishing email, by phone vishing, or by SMS. RedTeam will analyze cybersecurity vulnerabilities and backdoors, plant hardware trojans for remote network persistence, etc.
Once access is established, RedTeam Security's ethical hackers will work to gain persistence, whether cyber persistence or physical persistence, although cyber persistence is generally slightly more common. This is done through things like privilege escalation on compromised servers, shells, malicious file payload installation, the use of physical key impressions, and lock-picked doors.
The exploitation stage provides the foundation for the post-exploitation phase.
During this phase of a red team operation, the team aims to complete the mission and realize the agreed-upon goals set by the client and RedTeam Security. Actions on objective happen through lateral movement throughout the cyber environment as well as the physical facilities, pivoting from compromised systems and from breached physical security controls, all along capturing video, audio, and photographic evidence supporting each finding discovered.
Ultimately, the team aims to achieve the agreed-upon goal, which could be to exfiltrate data, information, or physical assets that you consider extremely sensitive.
Once the red team assessment is complete, RedTeam Security consultants will begin compiling the information gathered from all the phases of the engagement to provide a comprehensive report for you and your stakeholders that includes the information learned from OSINT/Reconnaissance, the initial plan developed in the Attack Planning and Pretexting phase, and the methods used and steps taken for Exploitation and Post-Exploitation. The report will outline where the team was successful and where they were unsuccessful and will provide recommendations to improve the company's security posture.
RedTeam Security has been providing premier information security services since 2008. Our team members are highly skilled, and each tester brings strong knowledge, experience, and intelligence to every project we undertake. A dedication to providing our customers with the best security defense possible is a primary driver in our business philosophy. Our rigorous methodology is designed to ensure your security not only meets industry standards but exceeds them. Are you ready to take your security to the next level? Schedule your free virtual meeting with one of our experts today at 612-234-7848.