All in Red Teams

Continues from Part 1.

While I was calling the guys at the office I decided to check the sniffer. I browsed the captured packets and to my surprise I saw a couple of NetBIOS connections. Working backward and running a bunch of tools I managed to decrypt the credentials used to connect to those computers. One was a user and the other was an administrator.

Now I not only had two backdoors on their internal network, but also I had an admin password. Administrator to what, I still didn't know at this point.

The next day at the office we were getting plenty of unrestricted access to the customer's network. The first thing we tried was to find the email server and see if we could get access to the top execs' emails. While I was looking for the server, one of the guys in the team found the domain controller, and when he tried the admin account I had captured the previous day he found out it worked. Yes, now we had the domain controller under our, well, control. We had control of the domain and we could impersonate the administrator.

It was time to start having fun. 


Hacking (I hate the *ethical hacking* name) techniques can be used for more than penetration testing and red team assessments. On one occasion, my team helped a law enforcement agency collect information that led to the capture of a criminal.

The owner of a company contacted the authorities about a former employee who took with him very sensitive and valuable proprietary information. They had some proof of it and were hoping the authorities could help locate and acquire the proof he needed to take this person to court.

After a few months of not going anywhere the company contacted us to see whether we could help the law enforcement officials locate and track the former employee (I'll refer to him as Bob). We were given all the information, including some really nice open source intelligence collected by the good guys. Two pieces of information gave us a good lead: Bob's personal email and his social media information.


Once in a while you have a project that you know will be a lot of fun. One of the biggest telecom providers dropped a project exactly like that a couple of years ago.

They wanted a full red team assessment, including external and internal digital assessments as well as a physical one. The scope: the entire company. This included the corporate HQ and its employees, the service stores across different cities, local offices, mall stores and the factory. This was a HUGE project. The time allotted? 6 months. Perfect.

One thing we often perform is readiness exercises. These can mean different things and are planned based on the requirements.

One scenario that presents itself quite often is the one where members of an IT team, contractors and TOC personnel have to work overseas in semi-permissive or non-permissive environments.

These teams need to be ready to deal with not just security issues regarding their networks but also threats that are potentially life-ending.