RED TEAM OPERATIONS
Ignite Technologies
www.hackingarticles.in

Where we are today !!

Agenda:
Red Team v/s VAPT v/s Blue Team
MITRE ATT&CK
Course Overview
Red Teams are given opportunities to touch and manipulate a target's network in the way that is typically done by real threats. Thereby, they sometimes position themselves to do serious damage or embarrassment to an organization.
Therefore, before starting a Red Team Operation, the Red Teamers and the clients are bound by a document carrying Rules of Engagement (RoE) that must be signed by both parties, so that things are clear at both ends.
The RoE is a document that contains the following sub-sections:
Project Specific Scope: contains the list of servers, routers, IP ranges, and the other hardware devices.
Calendar Outline: a schedule of which month the testing will start and when it will end.
How to proceed if found vulnerable: should the team stop and notify, or should it proceed with persistence and privilege escalation?
When to update: whether the vulnerabilities should be reported on a daily basis or collectively in the final report.
Declaration: all the tests would be in a safe environment such that the testing servers would not crash, but there are still chances that the test would lead to certain server instability; thereby the tester is not responsible for such mishaps.
Working of Red Teamers !!
Red Team: a Red Team uses the tactics, techniques and procedures (TTPs) used by adversaries. A Red Team is an in-house testing team that accesses and evaluates multiple areas of security through a multi-layered approach. Therefore, it follows the concept of "defense in depth". Here they present real-world attack scenarios and hard facts in an attempt to improve the company's response. The goal of the Red Team is not to find as many vulnerabilities as possible, but to test the detection and response capabilities of the infrastructure.
VAPT: Penetration Testing is used to monitor, control and identify vulnerabilities in order to secure the organization, whereas Vulnerability Assessment is the process of analyzing a system in order to focus on finding vulnerabilities and prioritizing them by risk. Basically, VAPT is testing the security of an organization's infrastructure in order to find and patch vulnerabilities in a limited span of time (a week or two).
Red Teamers are the attackers. Blue Teamers are the defenders.
Red Team members are adept at all forms of digital attack, as well as social engineering and other methods to find ways to break into the systems of a company. But they are bound by employment agreements or legal contracts not to disclose what they find to anyone, as the team itself works as employees of the company that is undergoing the testing, and its members are usually members of the IT Security division of the company's IT group.
Blue Teams are the internal security teams, mainly the employees of the company who look after security breaches, e.g. the SOC. Blue Teams have two major areas of operation: their only focus is to find the vulnerabilities and patch them as they see fit, and they can also keep providing security during the Red Team engagement.
Purple Team
This team has a cooperative mindset of both the teams, the Red and the Blue !!
The main purpose of a Purple Team is to analyze how both teams react and, thereby, strengthen or improve the Blue Team on the basis of the final outcome or the severity of the bugs the Red Team finds.
In an organization, Purple Teams are not constant. They exist to maximize the effectiveness of the Red and Blue teams, but if both teams fulfil their responsibilities in the best way, then the Purple Team dissolves itself.
MITRE ATT&CK
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based
on real-world observations.
With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by
bringing communities together to develop more effective cybersecurity.
There are a total of "156" techniques and "272" sub-techniques, which help an individual to call out a successful Red Team operation, and which are also often used by threat hunters and defenders to better classify attacks.
All the tactics and techniques are thus represented in the "MITRE ATT&CK® Matrix for Enterprise", which can be checked out from here.
[Diagram: Red Team Attack Kill Chain; stages shown include Active Directory, Lateral Movement, Credential Dumping, and Command & Control]
This Red Team Attack Kill Chain has been derived from "MITRE ATT&CK" and the "Cyber Kill Chain" !!
An APT is a sophisticated, highly skilled and well-funded attacking group, where the attackers or adversaries use a number of tricks and techniques in order to hack their target; these techniques may include a number of tools and social engineering.
An APT attack is a pre-defined attack, which targets web applications, network servers, systems, routers, and even hardware devices.
These APT groups are recognized by their numbers, for example:
APT1: A Chinese threat group that has been attributed to the 2nd Bureau of the People's Liberation Army (PLA).
APT37: A suspected North Korean cyber espionage group that has been active since at least 2012 and that targets victims primarily in South Korea, but also in Japan, Nepal, China, India, Romania, and other parts of the Middle East.
You can check the list of other APT groups from here !!
Course Overview
[Diagram: course modules shown include Data Exfiltration, Defense Evasion, and Reporting]
Initial Access & Delivery
[Diagram: techniques shown include Drive-by Compromise, Valid Accounts, Phishing, External Remote Services, Advanced Social Engineering, and Exploit Public-Facing Application]
Initial Access comprises techniques that use various entry vectors to gain an initial foothold within a network.
Weaponization
[Diagram: techniques shown include Scheduled Task/Job and User Execution]
Command and Control
Escalate Privileges, commonly termed Privilege Escalation, is a method that an attacker uses to gain higher-level permissions, i.e. "administrative" or "root", on a system or a network.
Active Directory
[Diagram: topics shown include Windows Server Installation, Active Directory DC Backdoor with Skeleton Key, Default Local Accounts, Active Directory Kerberos Authentication Process, AS-REP Roasting, and Golden Ticket Attack]
Lateral Movement
Introduction to Lateral Movement
"After gaining control over the victim's machine, adversaries crawl or move slowly and deeply through a network in search of data or assets to exfiltrate."
Persistence
[Diagram: techniques shown include Account Manipulation, BITS Jobs, and Scheduled Task/Job]
Data Exfiltration
[Diagram: techniques shown include Exfiltration Over Web Service and Exfiltration Over Size Limits]
Defense Evasion
What is Data Exfiltration
Hide Artifacts
THANK YOU
www.ignitetechnologies.in
info@ignitetechnologies.in
+91 959 938 7841
+011-45103130