
Red Teaming 101
CYBERONICS | HACKTOBERFEST 2K22
Whoami >

S. Harisuthan BCA | CFIS


[SOC Analyst : FIS Global]

● Cyber Security Aspirant

● Technical Blogger @ SOC Investigations

● Passionate about Red & Blue teaming

LinkedIn | Blog
TABLE OF CONTENTS

01 Red Team Intro - Basic introduction to Red Team Engagements
02 Red Team Components - Various components of Red Team Engagements
03 Red Team Life Cycle
04 MITRE ATT&CK - More about the MITRE framework
INTRODUCTION
A Red Team engagement is not just a set of offensive techniques. It is a process of recreating or simulating a real-world cyber attack against an organisation, in order to identify the vulnerabilities that exist in it and to observe how its security controls respond.
RED TEAM OBJECTIVES

Assess Your Infrastructure: the process of assessing or validating the organisation's infrastructure.
Evaluate Security Controls: testing and evaluating the security controls deployed across that infrastructure.
Simulate the Attack: recreating a real attack and testing the environment against it.
Organization Infrastructure

Hardware: multiple pieces of hardware, such as servers, workstations, IoT devices, etc.
Network: multiple network components used for data transmission and communication.
Software: multiple programmed applications or services, such as Apache, MS Office, Jenkins, etc.
Cloud [New]: a recently evolved model that replaces vintage infrastructure modules such as physical servers and on-premises computers. Cloud assets remain in scope for an engagement: the hardware belongs to the provider, but the identities, configuration and data are still the organisation's responsibility.
Penetration Testing Vs Red Team Engagements
Penetration testing and red team engagements are both authorised, controlled exercises rather than hostile attacks: each is a process of validating an infrastructure to find its misconfigurations and vulnerabilities.

Based on scope, process and techniques, the two are divided as follows.
PENETRATION TESTING
- Defined scope: a limited scope agreed in advance
- Map, scan & exploit
- Identifies and exploits vulnerabilities, typically known (previously explored) classes of weakness
- Limited actions: the tester stops once a vulnerability is confirmed rather than pursuing objectives across the network

RED TEAMING
- Realistic simulated attack
- Evasion, escalation & persistence
- Tactics, techniques & procedures (TTPs) of a real adversary
- Provides insight over the entire infrastructure, including how well it detects and responds
Uber breach
02 Red Team Components
Major Components

- Active Directory
- Escalation, Evasion & Persistence
- Command & Control
- Custom Tools & Scripts
Active Directory
A directory service designed by Microsoft for Windows networks.

It provides centralized configuration and management of the machines and servers in an organisation.

It also allows administrators to control and monitor user activity (authentication, authorisation and policy).
AD Components

- Domain Controller
- Forest & Domain
- Users & Groups
- Trust
- Policy
- Domain Services
AD Components

Domain Controller: the centralized server that controls the rest of the domain; it holds the directory database and authenticates every user and machine that logs on.
Domain: the unit that manages groups and objects under one name and security boundary (e.g. abc.com).
Organisational Unit [OU]: a container for groups, computers, users, printers, etc., used to structure the domain and to target policy.
Forest: a collection of one or more domains that share a common schema and configuration.
Object: a user, group, printer, shared drive, etc.; the leaf entries of the directory.
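As an added example (not from the slides), here is how these components show up in practice: every AD object carries a distinguishedName, and a short Python script can rebuild the forest > domain > OU > object tree from a list of them, the kind of list ldapsearch or BloodHound exports. The DNs below are constructed for an imaginary forest abc.com with a child domain eu.abc.com; none of the names refer to a real directory.

```python
"""Rebuild the forest -> domain -> OU -> object tree from distinguished names.

Added example. A DN such as CN=person1,OU=Sales,DC=abc,DC=com is read right to
left: the DC= parts name the domain, the OU=/CN= parts in between are the
container path, and the leading RDN is the object itself."""
from collections import defaultdict

# Constructed DNs (not from a real directory) for the imaginary forest
# abc.com with one child domain eu.abc.com.
SAMPLE_DNS = [
    "CN=person1,OU=Sales,DC=abc,DC=com",
    "CN=Domain Admins,CN=Users,DC=abc,DC=com",
    "CN=SRV01,OU=Servers,OU=Sales,DC=abc,DC=com",
    "CN=Printer\\, Floor 2,OU=Devices,DC=eu,DC=abc,DC=com",  # escaped comma in a value
    "CN=person2,OU=Devices,DC=eu,DC=abc,DC=com",
]


def split_dn(dn):
    """Split a DN into (attribute, value) RDNs, honouring backslash escapes
    (a naive dn.split(',') would break 'Printer\\, Floor 2')."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # escaped character: keep it literally
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    return [tuple(part.split("=", 1)) for part in rdns]


def describe(dn):
    """Return the object's name, its domain and its container path (root first)."""
    rdns = split_dn(dn)
    attr, name = rdns[0]
    domain = ".".join(v for a, v in rdns if a.upper() == "DC")
    containers = [v for a, v in rdns[1:] if a.upper() in ("OU", "CN")]
    containers.reverse()                      # DN lists leaf first, the tree wants root first
    return {"object": name, "rdn_type": attr.upper(), "domain": domain, "path": containers}


def build_forest(dns):
    """domain -> container path -> [objects], i.e. the hierarchy on the slide."""
    tree = defaultdict(lambda: defaultdict(list))
    for dn in dns:
        d = describe(dn)
        tree[d["domain"]]["/".join(d["path"]) or "<domain root>"].append(d["object"])
    return {dom: dict(containers) for dom, containers in tree.items()}


def child_domains(domains):
    """Map each child domain to its parent: within one tree a child's DNS name
    is the parent's name with one extra label (eu.abc.com -> abc.com)."""
    names = set(domains)
    return {d: d.split(".", 1)[1] for d in names
            if "." in d and d.split(".", 1)[1] in names}


if __name__ == "__main__":
    forest = build_forest(SAMPLE_DNS)
    for domain, containers in forest.items():
        print(domain)
        for path, objects in containers.items():
            print(f"  {path}: {', '.join(objects)}")
    print("child -> parent:", child_domains(forest))
```

The escaping matters in real exports: names with commas (printers, display names like "Smith, John") are common, and a parser that splits on every comma silently puts such objects in the wrong container.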
AD Components

Users & Groups
A user is an object inside AD, e.g. person1 in the domain abc.com.
By default a DC comes with two built-in user accounts, Administrator and Guest (plus the krbtgt service account that Kerberos uses to sign tickets).

User Classification
Users are classified into 4 major sections:
- Domain Admin: privileged across the whole domain
- Service Account: SQL, Jenkins, etc.
- Local Admin: privileged users on a given machine
- Domain User: daily users
AD Components

Trust: a relationship between domains (or forests) that lets principals from one domain gain access to resources in the other.

Domain Services: the server roles that make up AD, each with a specific function:
- Domain Services (AD DS)
- Certificate Services (AD CS)
- Federation Services (AD FS)
- Rights Management Services (AD RMS)

Policy: assigning restrictions and privileges to users and computers (Group Policy).
Command & Control
C2
A command-and-control [C2, also written C&C] server is a computer controlled by an attacker or adversary which is used to send commands to systems compromised by malware and to receive stolen data from a target network.
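As an added example (not part of the slides and not code from any C2 framework), the defensive side of this definition: an agent that polls its C2 server at a fixed interval leaves a timing signature in the web proxy log. The Python script below groups requests per source/destination pair and flags pairs whose inter-request gaps are nearly constant. The log lines are constructed; the IP addresses, paths and thresholds are illustrative assumptions.

```python
"""Flag fixed-interval check-ins in a web proxy log (added example).

An agent polling its C2 server sleeps a fixed time between requests, so the
gaps between its requests cluster tightly; a person browsing produces bursts
and long pauses. Each (source, destination) pair is scored by the coefficient
of variation of its inter-request gaps."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log lines, not real traffic. Columns: ISO timestamp, source IP,
# destination IP, request path. 203.0.113.10 plays the C2 server; 198.51.100.20
# is an ordinary web site visited by a different host.
SAMPLE_PROXY_LOG = """\
2022-10-01T10:00:00 10.0.0.5 203.0.113.10 /api/v1/status
2022-10-01T10:00:00 10.0.0.7 198.51.100.20 /index.html
2022-10-01T10:00:03 10.0.0.7 198.51.100.20 /style.css
2022-10-01T10:00:04 10.0.0.7 198.51.100.20 /logo.png
2022-10-01T10:01:01 10.0.0.5 203.0.113.10 /api/v1/status
2022-10-01T10:01:59 10.0.0.5 203.0.113.10 /api/v1/status
2022-10-01T10:03:00 10.0.0.5 203.0.113.10 /api/v1/status
2022-10-01T10:04:02 10.0.0.5 203.0.113.10 /api/v1/status
2022-10-01T10:05:00 10.0.0.5 203.0.113.10 /api/v1/status
2022-10-01T10:05:59 10.0.0.5 203.0.113.10 /api/v1/status
2022-10-01T10:07:30 10.0.0.7 198.51.100.20 /news
2022-10-01T10:12:00 10.0.0.7 198.51.100.20 /news/2
2022-10-01T10:12:01 10.0.0.7 198.51.100.20 /news/3
"""


def parse_proxy_log(text):
    """Yield (timestamp, src, dst, path); blank or malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, path = parts
        yield datetime.fromisoformat(ts), src, dst, path


def beacon_candidates(text, min_hits=6, max_jitter=0.2):
    """Return {(src, dst): (hits, mean_gap_s, jitter)} for pairs that look
    like a beacon: at least min_hits requests whose gap jitter (stdev / mean)
    is at most max_jitter. Both thresholds are illustrative assumptions."""
    by_pair = defaultdict(list)
    for ts, src, dst, _ in parse_proxy_log(text):
        by_pair[(src, dst)].append(ts)
    flagged = {}
    for pair, times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()                                  # logs are not always in order
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:                                  # everything in one second: a burst
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            flagged[pair] = (len(times), round(avg, 1), round(jitter, 3))
    return flagged


if __name__ == "__main__":
    for (src, dst), (hits, avg, jitter) in beacon_candidates(SAMPLE_PROXY_LOG).items():
        print(f"beacon-like: {src} -> {dst}: {hits} requests ~{avg}s apart (jitter {jitter})")
```

Caveat for both sides of the engagement: most C2 frameworks let the operator add random jitter to the sleep precisely to defeat this check, so a red team will tune that setting, and a blue team should combine the timing score with other signals (rare destination, fixed URL path, constant response size) rather than rely on it alone.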
Commonly Used C2 Frameworks

- Merlin: a cross-platform post-exploitation Command & Control server and agent written in Go.
- Covenant: a .NET command and control framework that aims to highlight the attack surface of .NET.
- Commercial C2 frameworks.
- The C2 framework developed by MITRE (Caldera).
Demo !
Escalation, Evasion & Persistence
Escalation: the process of gaining higher-privileged access.

Evasion: the process of evading security controls.

Persistence: the process of keeping access to systems.

Escalation
Privilege escalation is a technique commonly used by adversaries to gain higher-level permissions, or root/SYSTEM access, on a system or network.

Common approaches take advantage of system weaknesses, misconfigurations and vulnerabilities.
Examples of elevated access include:
Evasion
The process of evading the various security controls; it is generally termed defence evasion.

These techniques are used by many adversaries to avoid detection throughout their compromise.
Techniques include:
1. uninstalling or disabling security software
2. obfuscating or encrypting data and scripts
3. abusing trusted processes
Persistence
Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access.
Custom Tools & Scripts
Building and using custom scripts is the creative part of a red team engagement: with the tremendous growth of security controls it is no longer easy to use well-known pre-built tools such as mimikatz unmodified, because their signatures and behaviours are widely detected.
03 Red Team Life Cycle
04 MITRE ATT&CK
Adversary Framework
MITRE ATT&CK
A knowledge base of the attack tactics and techniques used by adversaries, built from observed real-world breaches.

Tactic: the adversary's end goal (why)
Technique: how the goal is achieved
Procedure: the specific implementation of a technique (the exact tool, command or code observed)
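To make the tactic/technique/procedure hierarchy concrete, and to tie it back to the Escalation, Evasion & Persistence slides, here is an added example (not from the slides, and not MITRE's code): a handful of detection rules for the persistence and defence-evasion behaviours listed above, run over constructed Windows Security/System/Sysmon events and reported as tactic, technique ID and the procedure actually observed. The technique IDs are real ATT&CK identifiers; the events, user names, paths and the rules themselves are made up for the example.

```python
"""Tag Windows telemetry with ATT&CK tactic / technique / procedure.

Added example. Each rule names the technique (how), the tactics it serves
(why) and which event field holds the procedure (the exact thing observed)."""
import base64
import re

# Constructed events (not captured from a real host): Windows Security, System
# and Sysmon records reduced to the fields the rules need.
SAMPLE_EVENTS = [
    {"src": "Security", "id": 4624, "user": "CORP\\alice", "logon_type": 2},
    {"src": "Security", "id": 4698, "user": "CORP\\alice", "task": "\\Updater",
     "command": "powershell.exe -w hidden -enc SQBFAFgA"},
    {"src": "Sysmon", "id": 13, "user": "CORP\\alice",
     "target": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc",
     "details": "C:\\Users\\alice\\AppData\\Roaming\\svc.exe"},
    {"src": "Sysmon", "id": 1, "user": "CORP\\alice",
     "command": "powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"src": "System", "id": 7045, "user": "CORP\\alice",
     "service": "WinUpdSvc", "image_path": "C:\\ProgramData\\wupd.exe"},
    {"src": "Sysmon", "id": 1, "user": "CORP\\bob", "command": "notepad.exe notes.txt"},
]

RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...)
ENCODED = re.compile(r"\s-e(?:c|n|nc|ncodedcommand)?\s", re.I)


def event_is(src, event_id):
    return lambda e: e["src"] == src and e["id"] == event_id


def run_key_set(e):
    return e["src"] == "Sysmon" and e["id"] == 13 and bool(RUN_KEY.search(e.get("target", "")))


def defender_disabled(e):
    return (e["src"] == "Sysmon" and e["id"] == 1
            and "disablerealtimemonitoring" in e.get("command", "").lower())


def encoded_powershell(e):
    return bool(ENCODED.search(e.get("command", "")))


# (technique id, technique name, tactics it serves, predicate, field holding the procedure)
RULES = [
    ("T1053.005", "Scheduled Task", ("execution", "persistence", "privilege-escalation"),
     event_is("Security", 4698), "command"),
    ("T1547.001", "Registry Run Keys / Startup Folder", ("persistence", "privilege-escalation"),
     run_key_set, "details"),
    ("T1543.003", "Windows Service", ("persistence", "privilege-escalation"),
     event_is("System", 7045), "image_path"),
    ("T1562.001", "Disable or Modify Tools", ("defense-evasion",), defender_disabled, "command"),
    ("T1027", "Obfuscated Files or Information", ("defense-evasion",), encoded_powershell, "command"),
]


def tag_events(events, rules=RULES):
    """One hit per (event, matching rule). An event can map to several
    techniques, and one technique can serve several tactics."""
    hits = []
    for e in events:
        for tid, name, tactics, matches, field in rules:
            if matches(e):
                hits.append({"user": e["user"], "event": f"{e['src']}:{e['id']}",
                             "tactics": tactics, "technique": tid,
                             "technique_name": name, "procedure": e.get(field, "")})
    return hits


def decode_encoded_command(cmdline):
    """Recover the UTF-16LE script behind -EncodedCommand (the slide's evasion
    item 2), or None if there is none or it does not decode."""
    m = ENCODED.search(cmdline)
    rest = cmdline[m.end():].split() if m else []
    if not rest:
        return None
    try:
        return base64.b64decode(rest[0], validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def tactic_summary(hits):
    """Techniques seen per tactic: the coverage view a red team reports back."""
    out = {}
    for h in hits:
        for tactic in h["tactics"]:
            out.setdefault(tactic, set()).add(h["technique"])
    return {t: sorted(ids) for t, ids in out.items()}


if __name__ == "__main__":
    hits = tag_events(SAMPLE_EVENTS)
    for h in hits:
        print(f"{h['event']:<13} {h['user']:<11} {'/'.join(h['tactics']):<42} "
              f"{h['technique']} {h['technique_name']}: {h['procedure']}")
        decoded = decode_encoded_command(h["procedure"])
        if decoded:
            print(f"{'':<13} decoded -EncodedCommand: {decoded}")
    print(tactic_summary(hits))
```

Two things the output shows that the definitions alone do not: the scheduled-task event is tagged with two techniques (the task itself and the encoded command inside it), and the service-install and Run-key techniques are listed under both persistence and privilege escalation, which is how ATT&CK itself classifies them.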


Let's Plan a Heist
Certifications

- CRTA: Certified Red Team Analyst (CyberWarFare Labs)
- CRTP: Certified Red Team Professional (Pentester Academy)
- CRTS: Certified Red Team Specialist (CyberWarFare Labs)
- eCPTX: Certified Penetration Tester eXtreme (eLearnSecurity)
- CRTE: Certified Red Team Expert (Pentester Academy)
THANKS!
Do you have any questions?
