RED TEAM TESTING – HACKING TESTING
RED TEAM TESTING – HACKING TESTING
Red teaming is a term that refers to a group of people that work together.
The red team offers a variety of cyber security services, such as penetration testing, managed SIEM, and compliance consulting. Our red team assessments, on the other hand, are unquestionably the most intriguing (and cool) service we provide.
So, what exactly is a red team test? Simply put, a red team test involves security specialists jeopardizing a company’s cyber and physical security through a combination of penetration testing, social engineering, and deception. A red team’s goal is to obtain data remotely or by making direct contact with an organization’s on-premises computers. Preferably without becoming entangled in the process. Once completed, the team may report to the organization on what they accomplished, how they did it (with proof), and, most crucially, how the firm can prevent it from happening again. Typically, only one or two people inside the organization being red-teamed are aware of it; many employees are utterly clueless of what is going on. It’s similar to Ocean’s Eleven, except with less George Clooney and more time devoted to research.
The most significant aspect is research.
Go milk
We realized we could compromise a firm with a couple quarts of milk (and no, we don’t mean dumping it over the servers) during a red team test. Red team exams are multi-layered in nature, attempting to evaluate every area of a company’s security. They put the technological, physical, management, and even the people to the test. We strive to jeopardize a business in whatever way we can (bar violence, of course). Red team tests are a variety of things, but the most significant.
Red team tests are enjoyable
I’ll provide an example to demonstrate what a red team test entails. Yes, the one with the milk.
We were requested to evaluate a workplace and its systems. We were just provided with the firm name and website URL. We began, as we do in most engagements, by searching the Internet for any material that could be useful.
We discovered right away: Twitter photos of staff employees, each wearing their office ID badge with the printed side towards the camera (thanks to modern-day smartphones these always tend to be of such good quality we can replicate these badges later)
Floor blueprints of the workplace were obtained from the estate management business Google Street View, as well as satellite pictures indicating the presence of a backdoor inside the building.
What is the difference between blue and red teams?
While both red and blue teams work with manufacturers and producers to enhance their cybersecurity, they have significant variances. The first distinction between the red and blue teams is their cybersecurity specialization and background. Members of the red team frequently specialize in offensive security techniques, where their focus is on identifying vulnerabilities that might damage a business and building specific exploits and tools to employ during engagements.
Blue teams, on the other hand, focus on utilizing their cybersecurity knowledge to assist defend firms by detecting vulnerabilities, implementing essential security patches, and building specialized tools and filters to detect assaults. Blue teams also specialize in building security processes and policies that adapt in response to corporate demands and the current status of cyber threats.
Another difference between red and blue teams is their function and engagement in the business. Red teams are not directly affiliated with the firm. They are frequently seen as a “third party” hired for a set period to analyze a company’s security. Their mission is to replicate a realistic controlled set of cyber assaults against the corporation as a bad actor. Blue teams are regarded as an internal resource for a firm, as the members of the blue team work for the company and do not provide work for any other organization. Blue teams are made up of many team members that work in shifts to defend their assets 24/7.
It’s all about planning
We also discovered some intriguing digital objects. Their website was running a vulnerable version of WordPress, and while we couldn’t totally compromise the server due to its hardening, we could create new pages and sites for it.
We decided on a two-pronged approach based on this: we’d set up a phishing gateway on the hacked WordPress server that looked like their Outlook Web Access page.
We’d show up at the location with a photoshopped ID badge based on one we saw on Twitter, meander into the workplace, and try to connect malicious gear to the network or any machine we could get near to.
Our phishing site was difficult to detect since it was hosted on their server, on their domain, and had a legitimate SSL certificate. It caught some users off guard, allowing us access to their accounts. Because the client did not provide any remote desktop or Citrix-based services for us to exploit, we saved the stolen credentials for later use.
Our badges appeared to be valid at first inspection, but they would not operate on the door system since we had no clue what sort of technology was in place. We have designed many sorts of cards based on well-known RFID badge types. These didn’t function, but one that used the same technology would emit a telling warning beep, which was subsequently crucial. A beeping card reader adds a touch of realism.
A short scan of the surrounding area revealed that there was, indeed, a rear entrance. It was, however, a fire escape with a notice that said, ‘this door is alerted.’ Because we were attempting to be as discrete as possible, I chose to enter through the front (non-alarmed) entrance.
Go big
This was a risky move because it meant going directly into the path of a security guard, who would no doubt have a slew of questions for me. This clearly distinguishes red team testers from simple penetration testers. I walked in, carrying several bottles of milk that I had purchased earlier. “Milk run,” I said to the security guy, nodding and motioning to the milk in my hands. I next swiped my card, which elicited a series of warning alarms. I went through the motions again, seeming to be more irritated, until the security man arrived.
Red team milk
“No, it’s not code… the milk is in the elevator.”
Once inside, I pulled out my laptop (equipped with enormous Wi-Fi antennae) and walked about with a focused expression. Fortunately, if you seem like you work in IT, people will avoid speaking with you until necessary. I walked into a largely vacant workplace and inserted a cloaked USB ethernet adaptor into an unattended desk PC.
Our USB ethernet adapter really housed a tiny Linux computer that allowed us to connect remotely to our own servers and tunnel into the target network. However, it appeared that the inside network had some type of filtering in place that barred unfamiliar devices, which would have prevented us from obtaining anything through our milky exploits. Is the game over? Not yet – remember, we also have access to numerous users’ credentials. We could circumvent this filtering after entering into the machine and obtaining access to their servers. From here on in, the rest is generally as old as the inside entrance test. We found things that were broken, mishandled them, took passwords, spread further, and continued to go and gather proof until there was no place else to go or until we were gotten.
We were not able to get to this event. We furnished our customers with an extensive report and assisted them with fixing their cycles and working on their security. We showed them the degree a malignant entertainer could go. It’s not generally somebody at a PC on the opposite side of the world. Here and there, it’s a man with some milk.
You are an objective
As should be obvious, a red group test is extremely involved. You may believe that your organization is too small to even consider drawing in this degree of consideration, and somewhat you may be correct. We’re not liable to attempt to slip into a five-man solid group professing to be the new understudy. Yet we will attempt every stunt in the book. We adjust our strategies to the circumstance. More modest organizations will more often than not have less refined innovation or be laxer in their cycles. Programmers frequently take the easy way out, which means more modest organizations will consistently be targeted by them.
Obviously, few out of every odd organization would profit from a red group test. however, in case you’re putting away enormous amounts of delicate information that would help loathsome elements, it’s great to ensure each part of your security is really amazing because programmers will attempt to get at it somehow.
UK Cyber Security Group Ltd is here to help
Please check out our Cyber Essentials Checklist
Please check out our Free Cyber Insurance
If you would like to know more, do get in touch as we are happy to answer any questions. Looking to improve your cybersecurity but not sure where to start? Begin by getting certified in Cyber Essentials, the UK government’s scheme that covers all the technical controls that will provide the protection that you need to help guard against criminal attacks. Or just get in touch by clicking contact us