All in Red Teams

We have a unique opportunity now. We are seeing a change in the mindset of security experts. Digital security experts are talking about security intelligence, about being proactive instead of only reacting when an attack happens. This is good news.

It’s time now for the same security experts, both in the digital and physical worlds, to begin including red teams in their security planning.

I had another physical pentest. I prepared for this one for 3 months. I recon’ed the target and prepared my story, then I got to work making sure that when I got there it would go as smoothly as it could possibly be.

My customer specifically asked for an “overt” pentest, which means that I had to walk through the front door to achieve my target.

Don't Get Caught!

That’s one of my most important rules. It applies to both digital and physical pentests. Cover your tracks and become invisible.

Well, in this particular physical penetration test I got caught. It was partly my fault and partly the fact that my customer has well trained security personnel.

I succeeded in completing the pentest but just as I thought I was going home safe, I got caught, thrown to the ground and threatened with being shot if I didn’t comply with what the security personnel were saying.

Social engineering is the art of hacking people. People are essentially good and are willing to help; social engineering exploits that.

It’s a great skill to have in the world of red teaming and information security, and while it’s not a new thing, we’ve been hearing a lot about it lately: in the RSA, Lockheed Martin and other recent attacks, the technique used was something the infosec world likes to call spear phishing or phishing attacks. Essentially, it is a form of social engineering via email or phone in which you convince an unsuspecting target to open a document (that has been weaponized with a piece of malware) or redirect them to a malicious website where another piece of code is waiting for them.

On one project I was brought in to try to find out how internal, proprietary and confidential information was being leaked out of the company. This was a case of corporate espionage.

The security people inside the company were completely clueless. They monitored the network and firewall to try to find where the leak was coming from. They tried for several months, and by the time I was hired they didn’t even know whether it was someone who had penetrated them from the internet or an inside job.

Historically, a red team was a group of military personnel playing the role of adversaries, the role of the enemy or opposing force team (“RED”), as opposed to the friendly forces team (“BLUE”). With time, the red team’s mission and capabilities evolved and they turned into a force tasked with challenging the security posture of military bases, outposts and other “targets”. See “Red Cell”.