By Anderson Taguada | September 18, 2019
Red Team refers to a team of professional hackers that attempts to access a system through simulating a cyberattack. During a Red Team exercise each team member plays a specific role while the team, as a whole, uses offensive strategies, a variety of techniques, and tools in order to weaken a system.
In cybersecurity, a Red Team’s knowledge, skills, and abilities go beyond those of a pentester whose role is to search, find, and report system vulnerabilities. A Red Team also simulates a real attack by assuming an adversarial role.
Red Team members possess different hacking skills, in order to simulate a real attack. A real attack may be structured and divided, with the attackers focusing on specific activities to achieve success. Therefore, in a Red Team, you will find team members with the following skills:
Regarding the information above the above,
we spoke with Andres of
When we asked him
about the Red Team exercise done by
Fluid Attacks, he said:
"First, the Red Team propose hacking objetives. For example: escalate privileges, modify system files or install backdoor to do it. We use the kill chain strategy"
Take a look at this video from
Fox9 about Red Team exercise.
Kill Chain is a military term
to describe the steps in launching an attack.
One of its model is the
and includes the following phases:
Find: Identify a target using surveillance, reconnaissance data or via intelligence gathering.
Fix: Fix the target’s location. Obtain specific coordinates for the target either from existing data or by collecting additional data.
Track: Monitor the target’s movement. Keep track of the target until either a decision is made not to engage the target or the target is successfully engaged.
Target: Select an appropriate weapon or asset to use on the target to create desired effects. Apply command and control capabilities to assess the value of the target and the availability of appropriate weapons to engage it.
Engage: Apply the weapon to the target.
Assess: Evaluate the effects of the attack, including any intelligence gathered at the location.
F2T2EA- The Kill Chain via Biz -n- Seen Blog.
This term was adopted by Lockheed Martin and its incident team to prevent cyber attacks. Cyber Kill Chain has the following phases:
Reconnaissance : Learning about the target using a variety of different techniques.
Weaponization : Combining your vector of attack with a malicious payload.
Delivery : Transmitting the payload via a communications vector.
Exploitation : Taking advantage of a software or human weakness in order to get your payload to run.
Installation : The payload establishes the persistence of an individual host.
Command & Control (C2) : The malware calls home, providing attacker control.
Actions on Objectives : The bad actor steals or does whatever he was planning on doing.
This is an update of the cyber kill chain for better defense by Corey Nachreiner Watchguard Chief Technology Officer.
Cyber Kill Chain 3.0 has the following phases:
Command & Control - Lateral Movement & Pivoting
As you can see, version 3.0 has minor changes designed for better security defense, but those are not unique strategies, HelpNetSecurity.
"Security professionals have differing opinions
on the effectiveness of the kill chain as a defense model.
Some love it, pointing out how several successful
infosec teams use it, while others think it’s lacking crucial details,
and only covers a certain type of attacks.
I think there is truth to both views,
so I’d like to propose three simple steps to make the kill chain even better,
let’s call it
Kill Chain 3.0."
Therefore, Kill Chain is not the only option. You can also adapt your attack strategy.
Then, what are the benefits on the client side? Simply put, Red Team’s cyberattacks simulations expose the weaknesses within a client’s systems or applications so that a client can better protect its information from a real attack scenario.
According to Medium.com,
a Red Team member must have an offensive mindset.
For this reason, "`CTFs`, wargames, or pen testing labs
are a great way to exercise offensive mindset".
Fluid Attacks, every new member
trains in hacking and programming challenges
to check and assess their level of offensive mindset.
Corporate member of The OWASP Foundation