WebApp Security, ‘My Experience Leading A Purple Team’

A terrific Red & Blue (in reality – Purple’s the Word, in this case) Teaming Leadership post (via Robert A., posting on the Web Application Security Consortium List) detailing his experience leading a Purple Team, and the oversight work associate…

Red-teaming by DHS ‘quietly and slowly’ uncovers agency vulnerabilities

The Department of Homeland Security has carried out quiet “red-teaming” exercises at three federal agencies, breaking into networks and telling agency officials how it was done. The goal is for officials to more quickly realize when a hacker has a foothold in their systems to keep them from exfiltrating data. “We go really quietly and slowly, just like an adversary would,” Rob Karas, the DHS official leading the red-team exercises, said Wednesday at the Cybersecurity Leadership Forum presented by Forcepoint and produced by CyberScoop and FedScoop. Karas said his team has carried out five such red-team drills at three agencies, declining to name them. The 90-day assessments begin with about two weeks of reconnaissance that might culminate in a carefully crafted spearphishing email. “We send a phishing email and it beacons back to our host in Arlington, and then we have a foothold” into the organization, said Karas, DHS’s director of national cybersecurity assessments and technical services. […]

The post Red-teaming by DHS ‘quietly and slowly’ uncovers agency vulnerabilities appeared first on Cyberscoop.


BSides NolaCon 2018, Brent White and Tim Roberts’ ‘Skills For A Red Teamer’

The post BSides NolaCon 2018, Brent White and Tim Roberts’ ‘Skills For A Red Teamer’ appeared first on Security Boulevard.

Broken Promises and Malleable C2 Profiles

Red Team infrastructure is a detail-heavy subject. Take the case of domain fronting through a CDN like CloudFront. You have to set up the CloudFront distribution, have a valid SSL configuration, and configure your profile properly. If any of these items is wrong, your C2 will not work. Many folks take “configure your profile properly” for […]

BSidesCharm 2018, Devon Kerr’s ‘Quantify Your Hunt: Not Your Parents’ Red Teaming’

The post BSidesCharm 2018, Devon Kerr’s ‘Quantify Your Hunt: Not Your Parents’ Red Teaming’ appeared first on Security Boulevard.

Fighting the Toolset

What happens when your advantages become a disadvantage? That’s the theme of Fighting the Toolset. This lecture discusses Offensive PowerShell, staging, memory-injected DLLs, and remote process injection as technologies that deliver(ed) a universal advantage to attackers. Today, that’s not always the case. In some contexts, these technologies are the tell that gives you away. In […]

In-Memory Evasion

Many analysts and automated solutions take advantage of various memory detections to find injected DLLs in memory. Memory detections look at the properties (and content) of processes, threads, and memory to find indicators of malicious activity in the current process. In-memory Evasion is a four-part mini course on the cat-and-mouse game related to […]

DerbyCon 2016, Carlos Perez’ ‘Thinking Purple’

A one-and-a-half-year-old video – yet highly relevant to blue and red teamers. – mh
From the video description: Breaking with the adversarial approach of Red vs Blue, look at how the current system and approaches may be broken in some organizations and …

Leaking Windows Creds Externally via MS Office – Tradecraft Security Weekly #21

In this episode of Tradecraft Security Weekly, Mike Felch talks with Beau Bullock about the possibilities of using framesets in MS Office documents to send Windows password hashes remotely across the Internet. This technique has the ability to bypass m…