The Art and Science of Social Engineering
Categories
Corporate Red Teaming To Me
Red Teaming is about playing devils advocate, challenging perceptions and beliefs through tangible results. If your doing Red Teaming right, your mission isn’t to FUCK SHIT UP, its ultimately to accelerate the organisations ability to handle an adversarial attack. This is done by changing cultures from vulnerability to threat centric thinking, partnering with intelligence, monitoring and response teams to leverage information and improve capabilities to detect and respond to an attack and generally make things hard for the bad guys. You should also be looking to allow the organisation to make more informed risk decisions, by taking the theoretical decisions made in a possible attack, and then proving out the results one step at a time, to decide if the risk decision still makes sense.
Just because you have awesome Zero Day Fu, doesn’t mean you need or should be using it during a Red Team threat simulation. Sure you should be advanced and sophisticated in your approach and skills, but if the real adversary can achieve their goal using the clear text creds in the text file on the desktop you just popped, they wont go flashing their awesomeness just because they can and don’t need to. The attack path taken should be appropriate and relevant to the objectives and the adversarial motivation.
Red Teaming has been all the buzz the last few years, and like most things in the InfoSec / Cyber World there are various shades of grey on what this really means. I have spoken to some Red Team leaders and its clear their pentest team just got a rebranding and nothing else changed. I think its hard to find organisations that take Red Teaming seriously and really look to mimic adversarial activities, and I also think this is because the messaging to boards and executives isn’t clear either. So if you are fortunate enough to work for an organisation that is taking Red Teaming seriously, its a sign of maturity, acceptance of reality and a willingness to embrace a change of thinking. That doesn’t mean its going to be easy or without challenge, but most thing that are worth doing and doing well take some effort ?
For me Red Teaming should be as close to the mimicking the adversarial approaches as possible. I say as possible, because if you live in the real world you will realise that when you are doing something for a company there are boundaries, codes of conduct, values, ethics and morals that come into play, so you need to work with these and continue to push the boundaries to increase the value as the landscapes change over time, as well as trust and respect in the teams capability.
So even though the Red Team capability may sit in the InfoSec / Cyber function, it should’nt be what defines it. The scope of Red Teaming should cover the physical, technology, social, people, and process components involved to achieve the goal, and you should be able to maneuver across product, test and development environments, essentially if the bad guys could and can go there so should the Red Team. This means its important to have effective relationships and partnerships with many groups, and consider various regional, regulatory and legislative issues along the journey, but its worth it ? Its also worth noting that over the years the perimeter of an organisation has become hard to define, so 3rd parties, suppliers etc should look to be included over time, but this takes time, contract adjustment, liability acceptance and more, but you should have a vision and be working towards it despite it maybe taking months or years to get there.
The thing most people don’t consider is the psychology of the adversary, they don’t think that if the asset / objective they are looking to achieve is so valuable they will go to great lengths to achieve it. They wont just give up if things seemed locked down, they will take a different approach, that may mean socially engineering someone, bribing someone on the inside, or perhaps they drive a truck through the wall to steal the hard drive. Thats what the Red Team needs to do (within reason), and the end goal is to help the organisation improve their controls and capabilities to a level that the cost and effort is to great and the environment to hostile that only the most determined try, while the others go after someone else.
You achieved the goal of stealing customer data, but you found it in the dev environment? Thats just cheating! People get irked when you find data in places it wasn’t supposed to be, but remember the attacker cares about the data and its value, not where they find it.
Its also important to invest time and money in improving capabilities, evolving the service and investing in your people. The organisations adversaries are constantly upping there game to overcome the obstacles they face, and the Red Team should look to do the same, to find additional attack paths using different methods, as well as keeping things interesting. This requires time and fundings to attend training, work in interesting projects and R&D. The people you have with you on this journey should be passionate and engaged in what they are doing, this should be rewarded. I will also note here that everyone in the team should have a voice in the direction of the team and its capability, it doesn’t matter if you are the seasoned professional, or the new guy or gal out of university, they have perspective and opinions which should be considered, they might have the next great idea. The buck ultimately stops with the leader, but its more effective and productive to have people onboard the fun bus to help keep the wheels and doors on, than dragging them along like cans on the bumper ?
If you have the privilege to lead a Red Team with the right people, your enthusiasm, dedication and approach sends a message to your team mates, those you serve and those who you engage within the industry and community. Leading a Red Team is about helping the organisation focus on strategic issues, things that can be really beneficial and have quick and long term wins, when this isn’t seen you should fight opposition to be focused on the right things, this means the team is used most effectively and keeps the team engaged and passionate about what they are doing, and the activities undertaken clearly connect to team and organisational goals. Each member of your team is special, and all different, so its important to think of them as people and not simply a headcount figure. Understand their needs, how best to interact, how they prefer to be engaged with, along with helping and coaching them to success. You should respect your team, and they should respect each other regardless of grade, skillset, etc. I wouldn’t expect anyone to do something I haven’t done, or wouldn’t do myself, nothing frustrates me more when people say they are above a task. I agree you should be mindful of how to put someones skills and abilities to best use, but no one should be above chipping in and getting things done to move the team forward. You should celebrate people success and achievements, your goal should be to help each member of your team progress to meet their dreams and full potential, managers feel threatened, where leaders partner for success. Finally process and quality is important, but results are what matter the most and what impact you can have. A good leader is honest and transparent with the team, and ultimately takes responsibility for deficiencies in the team and will back up the team and not air issues in public, if you want to flourish in the glory of success, you should take on the failings and take action to remediate, this is where for me progress of perfection is vital.
Life is short, and we spend a hell of alot of time at work, and I am fortunate enough to be in an industry I enjoy, and for all the challenges that may have to be overcome I am fortunate to do the work I do, and even more so to be in the company of such great co-workers, who share my passion and enthusiasm for doing great things, to a high quality and standard, and looking to have fun at the same time.
So my Dream Team consists of people who are interesting, passionate, reliable, trust worthy, team players as well as self motivated and able to work on their own initiative. Need a variance of skills and disciplines, so this should cover capability to attack web, network, OS, database and more, with capabilities in the physical such as lock picking, alarm system knowledge, access controls systems, and an appreciation around psychology to be effective in social engineering, building effective relationships and abilities to influence and drive change. If you see a problem, be part of the solution by offering ways to improve or overcome, don’t look for others to fix the world for you, instead invite them on the exciting journey.
Like anything on the Internet, these are my thoughts and opinions based on my beliefs and experiences. It doesn’t mean its right, wrong or indifferent, its just how I like to approach Red Teaming.
About the Author
Dale Pearson
has worked in IT since 1998, Infosec since 2004, and studied and performed hypnosis, mentalism etc since 2009.
Dale is a full time social engineer and qualified hypnotherapist. He spends a great deal of time researching the various skills and techniques that make up the art and science of Social Engineering.
More articles by
Enter your email address
Enter your email address
Latest Tweets&RT : The Social-Engineer Toolkit (SET) 7.3.11 released. Rehaul of MSSQL brute for multiprocessing/pool support (fast SQL discovery).
Added ThreatMiner to the recommended Maltego Transforms List - RT : 7 Ways To Charm Users Out of Their Passwords
Flickr Photos
Social Media&Which types of red teaming do you perform? !
Defined loosely, red teaming is the practice of viewing a problem from an adversary or competitor’s perspective. The goal of most red teams is to enhance decision making, either by specifying the adversary’s preferences and strategies or by simply acting as a devil’s advocate. Red teaming may be more or less structured, and a wide range of approaches exists. In the past several years, red teaming has been applied increasingly to issues of security, although the practice is potentially much broader. Business strategists, for example, can benefit from weighing possible courses of action from a competitor’s point of view.
&&&&&&Alternative analysis is the superclass of techniques of which red teaming may be considered a member. As with red teaming, these techniques are designed to help debias thinking, enhance decision making, and avoid surprise. According to , “alternative analysis seeks to help analysts and policy-makers stretch their thinking through structured techniques that challenge underlying assumptions and broaden the range of possible outcomes considered.” They further clarify the term by specifying that “Alternative analysis includes techniques to challenge analytic assumptions (e.g. ‘devil’s advocacy’), and those to expand the range of possible outcomes considered (e.g. ‘what-if analysis,’ and ‘alternative scenarios’).”
&&&&&&Despite their many potential advantages, red teaming and alternative analysis are not silver bullets. As one would expect, the quality of the output hinges inter alia on the quality and experience of the team, the team’s approach and toolset, and the overall context of the effort. An overconfident or culturally biased analyst or team will not benefit as much from these approaches as might an analyst or team that employs “actively open-minded thinking,” to use Jonathan Baron’s term. (See, for example, his book Thinking and Deciding.)
&&&&&&If you want to learn more, .
About Red Team Journal
Red Team Journal was founded in 1997 to promote the practice of red teaming, alternative analysis, and wargaming. Since its founding, the site has influenced a generation of red teamers to think systematically and creatively about their adversaries and competitors.
What Is Red Teaming?
Defined loosely, red teaming is the practice of viewing a problem from an adversary or competitor’s perspective. The goal of most red teams is to enhance decision making, either by specifying the adversary’s preferences and strategies or by simply acting as a devil’s advocate.
Upcoming Events
17 August: Red Teaming 101 Webinar. .
September: The Red Teamer's Book Club, Round VII (to be scheduled)
Red Teaming Jobs
Looking for a job in red teaming? Try
The Red Teamer’s Go-To Moves
This is our new series on conceptual “go-to” moves that red teamers and analysts can use to attack just about any problem.
The Myths of Red Teaming
In this series we dispel some of the most common red teaming myths.
‘See It Like Jones Would’
R. V. Jones was one of the greatest red teaming minds of the 20th century. Read our
on some of his more masterful insights.
Two-Minute Interviews
The two-minute interviews feature leading practitioners in the fields of red teaming, security, risk, and strategy.
, The Akal Group
, Rook Security
CategoriesCategories
Select Category
Announcements&&(92)
Articles of interest&&(33)
Book Review&&(8)
Commentary&&(73)
Current Issues&&(63)
Events&&(4)
Historical Red Teamers&&(6)
Just for Fun&&(24)
Occasional Paper&&(1)
Red Teaming Concepts&&(169)
&&&R. V. Jones&&(14)
&&&Stratagem and Deception&&(5)
Resilience&&(2)
The Red Team Toolkit&&(30)
Training&&(6)
Two-minute interview&&(2)
Terms of UseTraining Recommendations for Threat Emulation and Red Teaming - 推酷
Training Recommendations for Threat Emulation and Red Teaming
A few weeks ago, I had someone write and ask which training courses I would recommend to help setup a successful Red Team program. If you find yourself asking this question, you may find this post valuable.
First things first, you’ll want to define the goals of your red team and what value it’s going to offer to your organization. Some private sector internal red teams do a variety of offensive tasks and work like an internal consulting shop to their parent organization. If you think this is you, please don’t ignore some of the tasks that may fall on your plate such as reviewing web applications and evaluating different systems for vulnerabilities/bad configuration before they’re added to your environment. I don’t do much with this side of red team activity and my recommendations will show this gap.
When I think about red teaming, I think about it from the standpoint of an
, a team that emulates a sophisticated adversary’s process closely to look at security operations from a holistic standpoint not just a vulnerability/patch management.
I see several private sector red teams moving towards something like Microsoft’s model. Microsoft uses one of their red teams to constantly exercise their post-breach security posture and demonstrate a measurable improvement to their intrusion response over time. Their
covers their process and their metrics very well.
If the above describes you, here are the courses I’d go for when building out a team:
1. I’d have everyone work to get the
are good fundamental knowledge every offensive operator should know.
teaches an
course and they’ll come to your organization to teach it. The Veris Group’s red team class focuses on data mining, abusing active directory, and taking advantage of trust relationships in very large Windows enterprises.
This talk is a good flavor for how the Veris folks think:
Veris Group is teaching
courses at Black Hat USA 2015.
teaches a course called
. Silent Break sells primarily full scope pen tests and their selling point to customers is they use custom tools to emulate a modern adversary.
This course is the intersection of malware development and red team tradecraft. They give you their custom tools and put you through 15 labs on how to modify and extend their custom tools with new capability. Their process is dead on in-parallel with how I see full&scope operations [1,2].
.&Silent Break Security is teaching
at Black Hat USA 2015.
4. I’d also consider putting your money on anything from
. I plan to eventually take their Tactical Exploitation course. Their Meta-Phish paper from 2009 had more influence on how I think about offense than anything else I’ve read. I have friends who’ve taken their courses and they say they’re excellent.
Tactical Exploitation
is available at BlackHat USA 2015 as well.
5. I’d invest in a PowerShell skillset and take a course or two along these lines. Most of the high-end red teams I see have bought into PowerShell full-bore for post-exploitation. As a vendor and non-PowerShell developer, I had toembrace PowerShell, or watch my customers move ahead without me. They’re going this way for good reason though. Using native tools for post-ex will give you more power with less opportunity for detection than any other approach. I don’t know of a specific course to point you to here.
) teaches a PowerShell for Hackers course at
and it gets very good reviews.
6. If you’re interested in Cobalt Strike, I do offer the
course. My course is primarily a developer’s perspective on the Cobalt Strike product. This course is similar to
except it includes labs, an exercise, and it’s up to date with the latest Cobalt Strike capabilities.
已发表评论数()
请填写推刊名
描述不能大于100个字符!
权限设置： 公开
仅自己可见
正文不准确
标题不准确
排版有问题
主题不准确
没有分页内容
图片无法显示
视频无法显示
与原文不一致您现在的位置：&
PCB抄板可利用反向研发技术手段对已有电子产品实物和电路板实物进行逆向解析
PCB抄板可利用反向研发技术手段对已有电子产品实物和电路板实物进行逆向解析
& & & 所谓低碳环保生活就是指生活作息时所好用的能量要尽力减少，从而减低碳，特别是二氧化碳的排放量，从而减少对大气的污染，减缓生态恶化，主要从节电节气和回收三个环节来改变生活细节。而要做到这点，环保设备是治理污染不可或缺的设备。 & & &&PCB抄板是一种反向研究技术，是利用反向研发技术手段对已有电子产品实物和电路板实物进行逆向解析，将原有产品的PCB文件、BOM、原理图等技术文件进行1:1还原。采用PCB抄板技术，我们可以花较短的时间就可以获取当前流行的环保设备技术，吸收消化后更容易在此基础上进行二次开发和创新。 & & &&经过20多年的发展，中国环保产业已出具规模，一些技术、设备和服务项目已接近发达国家20世纪80年代的水平。但目前环保机械产品的国际贸易市场基本仍为发达国家所占领，中国市场重要领域也被国外技术产品所垄断。中国“十一五”环境保护投资占GDP1.4%-1.5%左右，巨大的环保投资将为环保机械制造业构筑巨大市场，也给PCB抄板行业带来巨大商机。
更多猛料！欢迎扫描下方二维码关注土猫网官方微信( tumaowang )
&#165&171元
&#165&8.6元
节省21.4元
&#165&49元
&#165&219元
&#165&26.8元
节省10.2元
&#165&132元
&#165&245元
节省249.2元
&#165&298元
&#165&35.3元
节省15.7元
&#165&2.1元
&#165&299元}