What is red-teaming?
A important term in IT security context, a red team (red cell) is a group of hackers with various skill-sets, who simulate attacks on the network infrastructure. By contrast the blue team’s job is to defend the network. Red teams follow a specific set of rules known as the rules of engagement which stipulate what types of attacks are allowed and points in the attack when they should stop and reporting should be done. The attacks may employ technical, physical, social or process-based attack vectors. This intends to cover all aspects of a organization’s security controls such as physical, administrative, and technical. The red team helps step 4 of the NIST Risk Management Framework to assess the security controls.
Taking the steps of the cyber-kill-chain into account (reconnaissance, weaponization, delivery, exploitation, installation, command and control, actions on objectives), the red team may simply seek to gain reconnaissance information and then report that to the security lead, and then discuss possible ways to proceed. Caution must be taken to not disrupt network functionality.
What are some online resources to learn red teaming?
Never try to use the tools or information in these sources to attack networks you do not own, unless you have express written permission from the individual or organization that owns them. I dropped a slow-loris attack on a server one time and still feel bad about it. Don’t do IT!
Before you begin to randomly attack networks with a low-orbit ion cannon, you should pick a target. Security trails offers a list of the top exploit databases, which gives you a big enough list to keep you busy for a while.
Null-byte‘s history goes back to 2008 when it’s parent company WonderHowTo was started and began producing how to videos about technology. Now Null-byte and it’s Youtube Channel have produced a large collection of both offensive and defensive tutorials. The topics range from OSINT, password cracking, WiFi exploitation, Raspberry Pi tool-kits, Kali Linux, Android, as well as common command line tools such as Wireshark, Metasploit, and other Mac /Linux command line tools and introductions to several pen-testing distros.
Hack5 produces specialized red-team hardware and produces tutorials on a range of topics such as Linux command line tools, and a podcasts that relay real IT security news on the daily. Their specialized hardware allows a red-team to deploy “hot-plug” (plug-and-play) attacks, which demonstrates the importance of physical access security. Some of their hardware as blue-team functions as well such Below is a rundown of some of the links to their podcasts and Gadgets.
- Shannon Morse of Hack5 produces ThreatWire a podcast that covers global corporate IT security breaches.
- Key Croc – A keylogger armed with pentest tools, remote access and payloads that trigger multi-vector attacks when chosen keywords are typed. It’s the ultimate key-logging pentest implant.
- Shark Jack – Armed with an ultra fast nmap payload, providing quick and easy network reconnaissance.
- Screen Crab – A stealthy video man-in-the-middle implant.
- Wifi Pineapple – Automate WiFi auditing with all new campaigns and get actionable results from vulnerability assessment reports. Command the airspace with a new interactive recon dashboard, and stay on-target and in-scope with the leading rogue access point suite for advanced man-in-the-middle attacks.
- Bash Bunny – Exploits multiple attack vectors – from keystroke injection to network hijacking. Pull off covert pentest attacks and IT automation tasks in mere seconds with simple payload scripts.
- USB Rubber Ducky – Injects keystrokes at superhuman speeds, violating the inherent trust computers have in humans by posing as a keyboard.
- Packet Squirrel – Ethernet multi-tool is designed to give you covert remote access, painless packet captures, and secure VPN connections with the flip of a switch.
- Lan Turtle – A covert Systems Administration and Penetration Testing tool providing stealth remote access, network intelligence gathering, and man-in-the-middle surveillance capabilities.
- And even more devices…
- Community Forum
- Hackersploit Youtube Channel – Hackerploit’s Youtube channel offers including a full ethical hacking course, a simply enormous list of tutorials in red-team software applications such as Burp suite, Metasploit, Wireshark, etc, shell scripting, digital forensics, bug bounty hunting, and also includes tutorials in setting up Python, Linux, Kali Linux, and Android for ethical hacking purposes and using fundamental command line tools such as netcat, nmap, and more.
- Kevin is an American author and convicted hacker turned security consultant. His books “The Art of Invisibility” and “The Art of Deception” focus on corporate social engineering tactics. If you your goal is to defend against physical penetration testing or corporate information ex-filtration by means of social engineering, these books will prove helpful in building your strategy. By describing scenarios, Kevin identifies key vectors of attack in the corporate information network.