Tribe of Hackers Red Team by Marcus J. Carey & Jennifer Jin

Author: Marcus J. Carey & Jennifer Jin
Language: eng
Format: epub
ISBN: 9781119643333
Publisher: Wiley
Published: 2019-07-24T15:30:00+00:00


Frantic running to a different location. We ended up cloning a badge from someone leaving the data center and then getting access to the data center, but we got so busted initially.

What is the biggest ethical quandary you experienced while on an assigned objective?

Social engineering is a tough one for me, especially morally. I pride myself on being an honest person, but in social engineering it’s the exact opposite of that. You have to remember that you are doing this for the greater good and as an attempt to identify how education can be more effective or how controls may fail. You are doing this to help others. I always attempt to do social engineering from the perspective of positivity and do not try to use negative persuasion as a method to achieve my objectives.

How does the red team work together to get the job done?

It really is a team effort. For red team engagements that I’ve been on, we each play a critical role in attaining the objectives. For example, if I’m breaking in physically, someone assigned to the physical reconnaissance and best entry points is paramount. Once inside, someone handles the implant or technology that will be used to establish access to the organization or meet the objectives. If we are talking more externally, having expertise in applications, perimeter defenses, and more becomes really important. Oftentimes for a red team, when we gain initial code execution on a system, understanding the capabilities of the organization and what will get us flagged is important. Having team members who can communicate and help evade detection is important.

Lastly, remember that the red team uses mutual respect and collaboration between red and blue to help bolster an organization’s defenses and to understand where the security program can improve through real-world simulations.

What is your approach to debriefing and supporting blue teams after an operation is completed?

There are a few different approaches. One of the more collaborative approaches is purple teaming, where the exercise is conducted in real time with both red and blue working together at the same time. With red teaming, the ability to reproduce your steps with examples, timing, and artifacts is important in order to respond after the fact. Out of a red team should come two objectives—strategic and technical remediation efforts. Technical means a specific fix, detection, or preventative measure that could stop the techniques used. Strategic means figuring out how we prevent the tactics and procedures (or detect them) in the future so these types of attacks aren’t successful or are stopped earlier.

If you were to switch to the blue team, what would be your first step to better defend against attacks?

When looking at not just today but tomorrow, there is no longer a castle mentality to protecting an organization. We don’t have archers, moats, heavily fortified walls—we have a tent city with patrols occurring through the streets and distributed across a vast expanse of land. In this type of model, our traditional security principles don’t fit, and we (in security) have to adjust appropriately.
