Red teaming is not a new concept within the cyber security community. However in Australia, Red Teaming is a relatively new term for most organisations. In this blog post we'll take a dive into:
There are key differences between a Red Team engagement and a typical penetration test. The first difference to consider is that a Red Team engagement is almost always a 'black box' engagement where very little information outside of clearly defined objectives are supplied by the client. This is also typically the case internally, with very few internal staff members being briefed on both the engagement scope, objectives and timelines.
While a Red Team engagement and a penetration test can have very similar objectives, the target scope and approach will differ dramatically. For example, a typical perimeter penetration test will be restricted to targeting an organisation via the internet utilising agreed attack methods. A Red Team engagement however will identify multiple attack surfaces to properly test an organisations overall resilience to an attack from an advanced threat actor. A Red Team engagement will engage in activities such as:
Another key difference between a typical penetration test and a Red Team engagement is the approach, team size and duration of the assessment. A typical penetration test engagement will generally consist of:
A Red Team engagement differs slightly:
Due to the nature of a Red Team engagement, the team will need to create a multi-tiered plan to successfully achieve their target objectives. This involves granular enumeration processes prior to attempting any form of planning or exploitation against a target.
Before considering a Red Team engagement over a traditional penetration test, we recommend that customers consider their Cyber Security defensive capabilities. For example if your organisation does not have a cyber security team, strategy or critical security controls in place such as the majority of the ACSC Essential Eight then a Red Team engagement is likely not going to provide more value for you than a traditional penetration test.
A Red team assessment will target multiple layers of your organization to test their defensive capability against an attack from an Advanced Persistent Threat (APT). While a typical penetration test is limited to a specific service or environment, a Red Team assessment will target your technology, people and physical security to identify the risk posed by an APT (Advanced Persistent Threat) against agreed objectives or scenarios.
As part of a red team assessment, you will be able to exercise your defensive technology, incident response and user awareness training to identify and contain an active breach. By working closely with relevant teams, a red team is able to identify advanced vulnerabilities across multiple layers of an organisation and assist them in defending against successful attacks to mature their defensive capabilities.
Overall a Red Team engagement is an excellent way for an organisation to test their resilience against an advanced threat actor and to identify vulnerabilities in layers of the organisation they were otherwise not aware of.
The Conti group have been featured across many news outlets lately both inside and outside the cyber security community. It is well known that this specific threat actor is mainly operated from within Russia, and with the recent events within Russia and Ukraine we thought it would be a good idea to do a recap […]Read More
Modern environments are in a constant state of flux; new systems are being commissioned, and old systems decommissioned, to meet new requirements and increase efficiency in all sectors. Managing those changes takes strategy and labour, and every change has an overhead in both of those resources. What do you do when your users want new […]Read More
Part of performing an effective and successful penetration test requires gathering as much information about the target as possible. The more information you have on your target, the more likely you are to discover an exploitable service or land a successful phish. For example, through OSINT you may discover that the target is openly advertising […]Read More
Recently in the news it was revealed that a member of an “APT” group that utilises the “Conti” ransomware became disgruntled at the state of their relationship with the group and leaked a large majority of the groups “Tools, Techniques and Procedures” documents. Conti was first discovered in 2020 and is used primarily by the […]Read More
Advanced persistent threats come in many forms ranging from your crime groups, activists all the way through to your state sponsored groups. While some of these threat actors such as crime groups are seen on a regular (if not daily..) basis, state sponsored attacks are less common and more sophisticated. While most state sponsored groups […]Read More
The Windows Name Resolution Flow You may be under the impression that turning host names into IP addresses is simple. You check: The Hosts file; then Your system’s DNS (Domain Name System) resolver That’s it right? If you don’t get a response from your local file or DNS, then the system doesn’t exist. Well, no; the name resolution flow in Windows looks something like this: Well, that’s a […]Read More
Red teaming is not a new concept within the cyber security community. However in Australia, Red Teaming is a relatively new term for most organisations. In this blog post we'll take a dive into: What differentiates a Red Team engagement from a Penetration Test. Why you shouldn't consider a red team engagement (You totally should.) […]Read More
When adding a “Password Reset” function to your application it is especially important to ensure this has the same security considerations as any other critical function within the application. Due to the nature of resetting a user’s password, along with many security considerations being overlooked, it is not uncommon for attackers to spend extra time […]Read More