Red/Purple Teaming
Warstories...
Bravo!
Crew
For awesome Con!
Disclaimer
The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of my employer or of its clients.
about(me);
$ finger -l $USER
4
2/15/2017
RedTeaming
Pentesting vs Redteaming
Can you get in through the window? vs Can you steal money?
Pentest:
• Restricted Scope
• Controls Based
• Broad Coverage
• Less Depth
Red Teaming:
• Full Scope
• Goal Based
• Leverages Pressure Points
Redteaming – P/D/R
Protect / Detect / Respond
Vulnerability Centric:
• Vulnerability scans
• Classic Pentest
Exploit Centric:
• Black Box/Grey Box
Threat Centric:
• Threat Simulation
Examples
Example 1
Objective: Exfiltrate data from secured network
Example 1 – cont.
Solution: Be like MacGyver, ride on Connect:Direct
Example 2
Objective: Exfiltrate data (secured network w/ 2FA)
Example 2 – cont.
Solution: Be like MacGyver, ride on SchTasks
Example 3
Objective: Exfiltrate data (virtualized environment)
Example 3 – cont.
Solution: Be like MacGyver, ride on shared drive
Bottom line?
Be like MacGyver
There’s only ONE MacGyver!
Blue Team vs Red Team?
source: red-6.com
Blue + Red = Purple Team
Purple Teaming – how?
Internal Team vs External Team/Contractor
MITRE ATT&CK Framework
source: bodybuilding.com
When Red meets Blue...