Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
Everyone loves buzz words, no? Red team is the newest (well... not that new) coolest thing on the streets of information security city and many cybersecurity pros want to jump right in and become involved in Red team activities at their company.
However, there is more to being a Red team member than just signing up. In this blog post I will lead you down a path will first explain what a Red team does, the different types of Red teams that generally operate and finally how you can become a Red Reamer.
A little history. According to some sources the name Red team has its roots in the U.S. military. During the Cold War wargame exercises would divide a force into two teams. Red (playing the Soviet Union Forces) and Blue (acting as the U.S. and NATO side.)
In the cybersecurity industry, a Red team exercise (also referred to as an adversary simulation) contains penetration testers who are hired to conduct a simulation of how hackers might attempt to breach a company’s defences.
To become a Red teamer one does need to have a certain skills set. Trustwave recommends a potential Red team member should have:
Strong networking knowledge – Knowing how a network works is very important, understanding how services work in large networks will help you understand where the weaknesses are likely located.
Be willing to get your hands dirty with some code – Being a Red teamer is not pushing a button and walking away. There is a lot of thought and research going into each Red team activity and no Red team is the same. Many times we are required to perform changes on the fly and know how tools work.
Be passionate – Everyday new tools, techniques or patches are released; what you exploited last week might not work this week, what was not possible last week might be possible this week. A new tool came out? Open it up, read the source code, run it in a lab to see what it does, understand what it can or can’t do, understanding the code will help you understand new things and help you get better at what you do. It’s an ever-changing field so staying on top of your game by knowing the newest techniques is a necessity.
Collaboration and knowledge sharing – Four eyes are better than two, while you can be the best Red teamer in the world and hack the client’s network all by yourself, having another person to doublecheck your work, or suggest additional will benefit both yourself and the clients.
Learn the difference between penetration testing/Red team/bug bounty/purple team - it’s important to understand the difference in each task and way of doing things between these four different types of assessment.
Vulnerability assessment – Basically validated scanning that is used to identify vulnerabilities, but not to exploit them.
Penetration testing - The goal of penetration testing is to identify the degree of control over supplied target systems an attacker could gain either from the Internet (if external) or from a position of having gained access to a private internal network (if internal), and within the limited time also identify as many different ways that such compromises could be obtained.
Red team -The goal is the crown jewels, it doesn’t mean you need to get DA, if DA will help you achieve the goal (e.g. get to the client private database instance with all HR records) then go for it, but a lot of the time it’s not required. The goal is to avoid detection and gain access to the predefined goals. While Red team exercises usually longer than penetration testing that is because we are trying to avoid detection at all costs, the Blue, or defending, team shouldn’t be aware that a Red team has started.
Bug bounty – Bug bounty goals are offered to help companies improve their security posture continuously (over a long period of time) by rewarding a researcher on issues he/she reports, each issue will equate to a certain amount of rewards. The difference here compared to penetration testing is that you are paid per finding, compared to penetration testing where you get paid for your time and not issues.
Purple team – Is a more collaborative way of working, collaboration between the Red and blue team. A Red team will attempt to execute a technique, for example injection into a different process, the Red team will communicate that in this time X we performed action Y and find out if the blue team detected it, if they did – great - move to the next technique. If not help them tune their security tools to identify the technique.
The following resources are good places to start your journey into Red team:
As always, SpiderLabs can assist you with training and development if needed.
Trustwave SpiderLabs recommends its clients perform multiple scenarios, this way we can help test different components of the organization’s security posture. For example, perform an attack surface review to cover any external assets, assumed breach compromise scenario and a phishing scenarios are great to check employee’s security awareness.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.