
RED TEAM EXERCISES

What Are Red Team Exercises?

There are many misconceptions about what effective red team exercises entail. Overall, a Red Team Exercise should involve live testing of an environment to identify potential gaps in security controls. Instead of simply testing an isolated system or identifying patch deficiencies, the engagement should be a true test of the organization’s entire control set.

When scoping a Red Team Exercise, the engagement should be flexible and meet the needs of the particular organization. Many decisions need to be made in collaboration between the red team assessors and the partner, including the starting points and entry points for the assessment and the proper communication channels. Typically, the red team shouldn’t know much about the environment they are about to assess. Despite this, the red team should provide a project plan and document the types of exploit techniques that will be attempted. This ensures the organization will attain value from the assessment and gives the partner the opportunity to adjust prior to the engagement commencing.

In a Red Team Exercise, the rules of engagement are typically very open. This kind of engagement is an all-out attempt to gain access to a system by any means necessary, including cyber penetration testing, testing all wireless and RF systems present for potential wireless access, and testing employees through scripted social engineering and phishing tests. These are real-life exercises carried out by a select group of highly qualified individuals who are contracted to assess a system’s cyber security.

SpearTip’s Red Team Exercise Methodology

SpearTip builds attack scenarios according to each stage of the compromise. These attack scenarios are correlated to the MITRE framework. SpearTip will report on all successful and unsuccessful attempts. This gives the organization insight into both the strengths and weaknesses of its cyber security program.

Stage 1 – Reconnaissance and OSINT

• Social Media
• Password Dumps
• Dark/Deep Web
• Social Engineering Data Collection

Stage 2 – Compromise Perimeter

• Network Probing
• Service Enumeration
• Remote Access Solutions Discovery
• IT Vendor Enumeration

Stage 3 – Establishing a Foothold

• Phishing Emails
• Custom Malware Deployment
• Credential Testing and Usage of VPN/Remote access

Stage 4 – Privilege Elevation and Lateral Movement

• Disabling of Security Tools
• Password and Hash Dumping
• Establishing Internal Targets
• Moving to Target System

Stage 5 – Crown Jewels

• Gain Access to Sensitive Systems
• Identify Target Data (HR Files, Trade Secrets, PII, PCI, Email, etc.)
• Pool Data

Stage 6 – Exfiltration

• Circumvent Outbound Network Filter
• Test Sending of Outbound Data

Stage 7 – Cleaning Up

• Removal of Malware
• Clearing of Log Files

Stage 8 – Long Term Persistence

• Establish “Legitimate” Backdoor
• Creation of Dedicated User Accounts

Why Partner with SpearTip for Red Team Assessments

SpearTip’s Red Teams are staffed with cyber experts who are constantly triaging and responding to live threats inside environments. We understand the most successful attack techniques because we prevent them through our ShadowSpear Platform. All of this intelligence is used to build highly effective assessments that go beyond immature trophy hunting and expose real opportunities for improvement. At the end of the engagement, we produce comprehensive reports with clear and straightforward recommendations to resolve the identified issues.
