- Cybersecurity Attacks:Red Team Strategies
- Johann Rehberger
- 2024-12-21 01:41:32
Modes of execution – surgical or carpet bombing
When performing operational red teaming, there are two basic approaches when it comes to compromising assets. The first one is to be very targeted and surgical, and the second one is to perform large-scale assessments and exploit attempts. Surprisingly, the second one often leads to a much better understanding of the environment and discovering unknowns. Let's explore this in a bit more detail.
Surgical
A surgical operation typically requires more detailed planning and reconnaissance. It is a good approach when clear objectives have been set as part of the operation, and the goal is to stay under the radar for the entire operation. A surgical approach could, for instance, be as targeted as sending a phishing mail to two or three people, then gaining access to a victim's inbox to read sensitive email, or stealing critical business information from the targets' computers.
Carpet bombing
This is the kind of activity that automated malware performs. For instance, rather than dumping credentials on a few required hosts, the carpet bomb approach follows a pattern of stealing clear text credentials on any asset where it is possible.
This approach is obviously noisy, and it's more likely to be caught by the blue team. But on the other hand, this approach will highlight issues and connections between systems that were not visible to anyone in the organization before the attack occurred.
There is tremendous value in having red teamers who push the boundary and highlight unknown dependencies. In my experience, there has always been at least one finding that was entirely unexpected. This included, for instance, finding credentials of leadership in places where no one expects them. This approach can naturally make certain stakeholders worried, because what might be found is unknown in advance, and it is the job of the offensive security program to highlight the criticality of such progressive techniques.
It's the unknown that we want to explore and make visible to leadership and the organization.