August 13

Webinar Takeaway: The Roundup by Wild West Hackin' Fest: Red Team


My key takeaways

  • Red is a component of blue
  • Blue can exist without red
  • Red cannot exist without blue
    • red w/o blue = criminal
  • Security Operations Design is usually built on top of an existing environment, rarely from scratch
  • Threat definition: Risk = threat * vulnerability
    • alt: Threat = ThreatActor + Intent + Tool/Technique
    • Good intentions by intelligent people do not add up to understanding threats or how they operate
  • Getting pwned is rarely a one-time event: a threat actor has to follow a long series of steps using multiple tools and techniques
  • The goal of security operations is to prevent, detect and respond to a threat-actor before they achieve their goal
    • a binary "you've been hacked" vs. "not hacked" view is not helpful, as you will lose sooner or later
  • A lot of blue-team time is spent on the "get in" phase (exploitation), but much less on "stay in" (persistence) and "act" (operational impact)
  • A vulnerability assessment is an effort in attack surface reduction
  • A penetration test is an effort in attack surface reduction
  • Threat based testing raises the threat success bar
    • prevent first, detect always
    • 100% prevention is not realistic
  • Start every engagement as a Security Assessment
    • Understand the problem set
    • Define goals
    • Determine what to measure
    • Label the engagement (if necessary)
  • You can only fight the way you practice
    — Miyamoto Musashi

  • Cyber crime has increased 600% since the COVID-19 pandemic (according to Tyler Robinson, Dark Element)
  • If AV vendors look at all publicly available tools and detect them, it makes them look good on pentests
    • the bad guys have their own tools, which are not publicly available
  • Inveigh is like Responder for when you don't have Python available
  • JS runs on M$ by default
  • Pentest: try to find as much as possible
    • Red Team operations usually have a specific goal and are usually more sophisticated
    • Test your company vs. your products


User comments

  • covers — today at 18:31

    I’ve heard the analogy that the blue team is a knife and red is the whetstone. Red exists to make blue better so that when a real event occurs, blue is prepared and cuts through as quickly as possible

  • zer0cooL — today at 18:39

    "Without training, how can defenders be expected to protect against a threat?" Start with that question to the CISO


Tags: C#, red teaming
