Posted by Synopsys Editorial Team on July 28, 2015
Red teaming is an iterative process with three main components: recon, enumeration and attack. First, we emulate a defined adversary (anything from a script kiddie to an APT actor). Then we iterate through the recon, enumeration and attack components until we reach our defined goal, such as obtaining sensitive client data.
At any point in the red teaming process, any of these tactics can be performed interchangeably, depending on what leads us to our goal in the most effective way.
For example, during an assessment, we may perform network recon of the client’s network perimeter and find that it’s locked down. At that point, if the client has permitted on-site assessment techniques, we may pose as someone others typically trust (e.g., a mail carrier or a key figure’s relative) in order to gain entry inside the perimeter. With physical access, we would then be able to establish a foothold in the network (perhaps by attaching a wireless device to it), from where we would do further recon.
Every red team assessment follows a different path, but it always has the same elements of recon, enumeration and attack. When building a red team at your organization, talk to your key stakeholders and find out what really concerns them. Here are a few types of questions to consider when identifying what the goals of your red team assessments should be:
There are no right answers to these questions, but you should consider them when building out your red team personnel.
You must also determine what types of tools you’ll use in the attack. Some questions to ask include:
Whichever tools you choose, they’ll only be as good as the people using them. In a realistic red team exercise, no amount of automated tooling will do as good a job as a person who uses tools to follow the process of recon, enumeration and attack. This is because tools miss things that clever red team assessors can understand.
In the end, every red team assessment will be different, as will every red team. You must decide what the right approach for your organization is and build out a methodology that best supports your goals.