BUILDING A PRACTICAL INTERNAL RED TEAM - ABHIJITH B R - PowerPoint PPT Presentation





SLIDE 1

TACTICAL ADVERSARY: BUILDING A PRACTICAL INTERNAL RED TEAM

ABHIJITH B R [Abx]

*Image credits go to https://tacticaladversary.io/

tacticaladversary.io

DEFCON 28 SAFE MODE DCG VILLAGE 2020, AUG 7TH

SLIDE 2

ABHIJITH B R [Abx]

  • Leading offensive security operations in a global FinTech company
  • Former Deputy Manager, cyber security at Nissan Motor Corporation; previously with EY
  • A decade of experience in the security domain
  • Founder of the https://RedTeamVillage.org community [No, it is not associated with DC]
  • Lead at DEFCON Group Trivandrum (https://dc0471.org/)
  • Started running the https://tacticaladversary.io blog this year

DEFCON 28 DCG VILLAGE 2020

@abhijithbr

SLIDE 3

LET’S MAKE IT CLEAR!


SLIDE 4

VULNERABILITY ASSESSMENT IS NOT RED TEAMING.


SLIDE 5

PENETRATION TESTING IS ALSO NOT RED TEAMING.


SLIDE 6

WHAT IS RED TEAM

Historically, a red team was a group of military personnel playing the role of adversaries, the role of the enemy or opposing force team (“RED”), as opposed to the friendly forces team (“BLUE”). With time, the red team's mission and capabilities evolved and they turned into a force tasked with challenging the security posture of military bases, outposts and other “targets”.

[Redteams.net]


SLIDE 7

WHAT IS RED TEAM

A RED TEAM IS A GROUP OF HIGHLY SKILLED PEOPLE THAT CONTINUOUSLY CHALLENGE THE PLANS, DEFENSIVE MEASURES AND SECURITY CONCEPTS.

[Redteams.net]

SLIDE 8

“Our Red Team will be doing pentest and vuln scanning for the clients.”

Security sales guy from Security company XYZ

SLIDE 9

Conceptual Red Team vs Blue Team, portrayed as the native Kerala martial art form “Kalari Payatu”

*Art created for RedTeamVillage.org at c0c0n conference, 2018


SLIDE 10

BUILDING AN INTERNAL RED TEAM.

[ADVERSARIAL SIMULATION]


SLIDE 11

INTERNAL RED TEAM OPERATIONS FRAMEWORK*

*Image credits go to respective owners.

[Figure: IRTO – PHASE 1, IRTO – PHASE 2, IRTO – PHASE 3, IRTO – PHASE 4]

*This is still a work in progress.

SLIDE 12

IRTO – PHASE 1: CRAWLING

  • Get the budget approval
  • Define the practical goals and objectives
  • Identify the crown jewels and people
  • Rules of engagement (ROE), reporting and other process documentation
  • Assistance from the Management and Legal departments
  • Understand the security posture of the organization
  • Hire the talent – the Red Team


SLIDE 13

THE A TEAM

*Image credits go to respective owners.

SLIDE 14

IRTO – PHASE 2: GET ON YOUR FEET

  • Red Team external infrastructure (DigitalOcean, GCP, AWS)
  • Corp. tools, improvised open source tooling capabilities
  • Identifying the business-specific risks
  • Be friends with your organization’s Blue Team
  • Adversarial emulation (Atomic Red Team, Caldera, etc.)
  • Manual campaigns against the organization and employees
  • Validate current defense mechanisms with the Blue Team (MITRE)
  • External attack surface discovery and mapping
  • Designing a remediation process to address issues


SLIDE 15

IRTO – PHASE 3: START WALKING

  • Improved tools, techniques and procedures (TTPs) based on the current security posture
  • Identify and eradicate findings 1, 2 - crown jewels and people*
  • Evaluation of the incident response process*
  • Automated adversary emulation
  • Automated campaigns
  • Targeted APT emulation based on threat intel
  • Improvised RTO process documentation


SLIDE 16

IRTO – PHASE 4: START RUNNING

  • Collaborative and continuous Purple Team exercises
  • Enterprise tooling capabilities
  • Targeted campaigns against the crown jewels and key people
  • Overt physical security assessments
  • Continuous awareness programme for employees and key people
  • Continuous training process for operators and defenders
  • Proactive remediation process and plans


SLIDE 17

IRTO – PHASE 5: TIME TO FLY

  • Matured red team operations
  • Significant improvement of the organizational security posture
  • Highly skilled operators
  • Covert physical security assessments
  • Custom tooling capabilities
  • Continuous adversary simulation to keep the defenders on their toes
  • Continuous RTO with a well-defined process


SLIDE 18

PLANS: STRATEGIC AND TACTICAL

STRATEGIC PLAN [Long term objective] = TACTICAL PLAN 1 + TACTICAL PLAN 2 + ... + TACTICAL PLAN N [Divided into short term tactical engagements]

*The management always needs updates.

SLIDE 19

Q&A

Reach me on Discord: Abx#1474, Twitter: @abhijithbr

SLIDE 20

Special thanks to Jayson E Street, DEF CON Groups TX, DEF CON Group Delhi and DEF CON Group Trivandrum members.

*Image credits go to https://tacticaladversary.io/