Red teams are offensive security experts who specialize in attacking systems and breaking defences. The red team consists of security experts who act as adversaries trying to overcome cybersecurity controls. Red teams are usually made up of independent ethical hackers who objectively evaluate system security.
They employ all available approaches to find weaknesses in people, processes and technology to gain unauthorized access to assets. As a result of these simulated attacks, red teams make recommendations and plans on how to strengthen an organization’s security posture.
What is the Red Team?
Red teaming is a form of penetration testing that is more versatile than a conventional penetration test. The aim of the red team is not to find the maximum number of vulnerabilities; the goal is to test the organization’s ability to detect and prevent an intrusion when one occurs. The team tries to access sensitive information by any means possible while remaining undetected in the systems. They mimic the targeted attacks of real adversaries, similar to APTs.
How long does the Red Teaming take?
The red teaming approach may take longer compared to penetration tests.
Penetration tests usually take 1 – 2 weeks, while red teaming can take 3 – 4 weeks or longer as a team effort.
During a red team engagement, the team does not search for a whole stack of vulnerabilities, only the vulnerabilities needed to achieve the goal. The objectives are often the same as for a penetration test. During the engagement, techniques such as social engineering (physical and electronic), attacks on wireless networks, and the discovery of external-facing entities and their vulnerabilities are used. Such tests are not for everyone, but only for organizations with a mature level of information security. Such organizations have usually already passed penetration tests, patched most vulnerabilities, and have a history of successfully resisting penetration tests.
A scenario of how Red Teaming happens
Scenarios are indispensable for a red team engagement to achieve its goals. In a sense, the scenario is the set of actions determined by the attacker model and the target, and it gives the initial impetus to the start of the project.
A member of the red team comes to the institution’s building disguised as a postman. Once inside, they connect a device to the organization’s internal network for remote access. The device creates a network tunnel using one of the allowed ports: 80, 443 or 53 (HTTP, HTTPS or DNS), providing the red team with a command-and-control (C2) channel. Another team member uses this channel to move through the network infrastructure, for example via unsecured printers or other devices, which also helps hide the point where the network was penetrated. In this way, the red team searches the internal network until it reaches its goal, aiming not to be caught and not to trigger any security controls.
This is just one of many scenarios a red team can use, but experience from engagements shows it is an effective one.
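The scenario above is exactly what the blue team is supposed to catch: a tunnel hiding in traffic on an allowed port such as 53. The following detector is an added example written for this page, not code from the original article or any project it mentions. It runs a simple DNS-tunnelling heuristic over constructed resolver log lines (one query per line in an assumed `timestamp client_ip qtype qname` format), flagging a client that issues many distinct, high-entropy subdomains under one parent domain. The thresholds, the sample log, and the simplified "parent domain = last two labels" rule are assumptions for illustration; a production version would use a public suffix list and tuned baselines.

```python
"""Heuristic detector for DNS-based C2 tunnelling over resolver logs.

Added example for this page (not the article's own code). The log format,
the sample lines, and the thresholds below are constructed assumptions.
"""
import math
from collections import defaultdict

# Constructed sample log: client 10.0.0.5 does ordinary lookups, while
# client 10.0.0.9 sends many long, high-entropy labels under one parent
# domain, the pattern of a tunnel that encodes data in query names.
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 A www.example.com
2024-01-01T10:00:02 10.0.0.5 AAAA mail.example.com
2024-01-01T10:00:03 10.0.0.5 A cdn.example.net
# resolver restarted (malformed line, must be skipped)
2024-01-01T10:00:04 10.0.0.5 A api.example.com
2024-01-01T10:00:05 10.0.0.9 TXT 0123456789abcdef01234567.example.org
2024-01-01T10:00:05 10.0.0.9 TXT fedcba9876543210fedcba98.example.org
2024-01-01T10:00:06 10.0.0.9 TXT 13579bdf02468ace13579bdf.example.org
2024-01-01T10:00:06 10.0.0.9 TXT a1b2c3d4e5f60718293a4b5c.example.org
2024-01-01T10:00:07 10.0.0.9 TXT 5f4e3d2c1b0a9f8e7d6c5b4a.example.org
2024-01-01T10:00:07 10.0.0.9 TXT 9876543210fedcba98765432.example.org
"""


def parse_line(line):
    """Parse one assumed-format log line; return None for anything malformed."""
    parts = line.split()
    if len(parts) != 4 or line.startswith("#"):
        return None
    ts, client, qtype, qname = parts
    return {"ts": ts, "client": client, "qtype": qtype,
            "qname": qname.rstrip(".").lower()}


def shannon_entropy(text):
    """Bits of entropy per character; encoded data scores high, words score low."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Simplified split: parent = last two labels, subdomain = the rest (assumption)."""
    labels = qname.split(".")
    if len(labels) < 3:
        return "", qname
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def detect_tunnels(log_text, min_unique=5, min_entropy=3.0):
    """Flag (client, parent domain) pairs that look like a DNS tunnel.

    A pair is flagged when the client queried at least `min_unique` distinct
    subdomains under the parent and their average label entropy is at least
    `min_entropy` bits. Both thresholds are illustrative, not tuned values.
    """
    stats = defaultdict(lambda: {"subs": set(), "ent": [], "len": []})
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        sub, parent = split_name(rec["qname"])
        if not sub:
            continue  # bare second-level lookups carry no encoded payload
        s = stats[(rec["client"], parent)]
        s["subs"].add(sub)
        s["ent"].append(shannon_entropy(sub.replace(".", "")))
        s["len"].append(len(sub))

    findings = []
    for (client, parent), s in stats.items():
        uniq = len(s["subs"])
        avg_ent = sum(s["ent"]) / len(s["ent"])
        avg_len = sum(s["len"]) / len(s["len"])
        if uniq >= min_unique and avg_ent >= min_entropy:
            findings.append({"client": client, "parent": parent,
                             "unique_subdomains": uniq,
                             "avg_entropy": round(avg_ent, 2),
                             "avg_label_length": round(avg_len, 1)})
    return sorted(findings, key=lambda f: (f["client"], f["parent"]))


if __name__ == "__main__":
    for finding in detect_tunnels(SAMPLE_LOG):
        print(finding)
```

The two signals are deliberately combined: many unique subdomains alone also describes a busy CDN, and high entropy alone also describes a single cache-busting hostname, but a client producing both under one parent is worth an analyst's look. Feeding the function real resolver exports (after adapting `parse_line` to the actual format) and comparing against a baseline of known parents is the practical next step.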