Black Hat Sessions 2018 - Red Teaming session by Neal Conijn, Senior Consultant Red Teaming & Intelligence at Sosecure and Roy Duisters, Senior Security Specialist at Secura
Alongside the keynote speakers, the Black Hat Sessions 2018 offered a large number of lectures given by prominent Dutch and international speakers in multiple technical and non-technical tracks. Below is a brief report by Bernhard Degen, intern at Secura, on the Red Teaming session by Neal Conijn, Senior Consultant Red Teaming & Intelligence at Sosecure, and Roy Duisters, Senior Security Specialist at Secura. Here you will find the link to all brief reports and recordings.
Red Teaming is not a new concept. There has always been a demand for an adversarial perspective in planning and defence. It can be dated back to Sun Tzu in ancient China, who deemed it imperative to know your enemy. Later, the Prussian army developed Kriegsspiel, in which players strategically position their military units to conquer their opponent. During the Cold War, Red Teaming was employed on a large scale by the Americans to gather intelligence on the intentions and capabilities of the Soviets. After the 9/11 attacks, it received renewed attention.
In modern times, Red Teaming is about finding security problems in organizations. It is especially effective for finding the "unknown unknowns": problems we are not even aware exist in the first place. There are three gates protecting assets: the human, physical, and digital gate. Security is typically weakest where responsibilities end or overlap. Through experimentation and innovation, new hypothetical attack scenarios are discovered. In contrast to science, Red Teaming is not concerned with proving scenarios but rather with not missing any possibilities.
Today, the threat landscape is constantly changing, and with it the consequences of digital attacks. To protect against new attacks, organizations should scrutinize their existing security measures. Standard protections like firewalls, intrusion detection systems, and certification are often not enough. Each organization has a different threat landscape with different actors. The National Cyber Security Centre distinguishes six categories of actors, from script kiddies to state-level actors, who each have their own modus operandi and goals. For example, the skill level and resources of a state-level actor are several orders of magnitude higher than those of a script kiddie.
A typical Red Teaming assignment consists of six stages: planning, reconnaissance, exploitation, post-exploitation, exfiltration, and clean closure. It is important to ensure that all operations happen in an ethical way. To this end, a code of conduct is agreed upon that defines the privacy and legal boundaries.
Time to find the weakest link! The third phase in the Red Teaming Chain of attack
During the Red Teaming sessions, it was demonstrated how easily and discreetly one could fall victim to the techniques commonly employed in Red Teaming. Before the presentation, Neal Conijn handed a covert USB stick to the host under the pretext that a last-minute slide update was on it. The stick was then inserted into the presenter's notebook, which became infected. As a proof of concept, a shell was established to the infected machine, through which potentially sensitive information could be exfiltrated.
You have been warned! Secura brings extensive penetration testing experience and many years of Red Teaming experience to our Red Teaming offering, combined with many other skills and capabilities. Click here to read more details on our Red Teaming services as well as the assessment process.