SlideShare a Scribd company logo

[HUN][hackersuli] Red Teaming alapok 2024

Download as PPTX, PDF
H
hackersuli

The document outlines the fundamentals of red teaming, which tests an organization's defenses through simulated attacks to improve blue team response and detection capabilities. It emphasizes adversary emulation and full cyber kill chain assessments while addressing common misconceptions about penetration testing. The document also discusses various attack vectors and the importance of continuous improvement in organizational security through regular exercises.

Internet
1 of 20
Download to read offline
1
2
3
4
5
Most read
6
Most read
7
8
9
10
11
12
13
14
15
Most read
16
17
18
19
20
RED TEAMING ALAPOK
AGENDA # W H OA M I F O G A L M A K T T P S TO O LO K I N T E R A K T Í V R É S Z
#WHOAMI
PÉTER TAMÁS (DJANGO88) PENETRATION TESTER – RED TEAM OPERATOR - DEUTSCHE TELEKOM SYNACK RED TEAM
RED TEAM Red Team performs Tactics, Techniques, and Procedures (TTPs) to test people, processes, and technology in a target environment. Goal: Make Blue Team better. Train and measure blue teams' detection and response policies, procedures, and technologies are effective. Effort: Manual; lots of tools (see C2 Matrix) Frequency: Intelligence-led (new exploit, tool, or TTP)
ADVERSARY EMULATION Definition: A type of Red Team exercise where the Red Team emulates how an adversary operates, following the same tactics, techniques, and procedures (TTPs), with a specific objective like those of realistic threats or adversaries. Goal: Emulate an end-to-end attack against a target organization. Obtain a holistic view of the organization’s preparedness for a real, sophisticated attack. Effort: Manual; more setup than a limited scope Penetration Test Frequency: Twice a year or yearly
RED TEAM PLANNING Red Team Planning Fill any planning gaps Attack Infrastructure/C2 Reconnaissance Social Engineering Weaponization Initial Access/Foothold Network Propagation Action on Objectives
AN END TO END ASSESMENT OF THE ENTIRE ORGANIZATION Main differentiator from penetration testing Tests the defenders not the defenses (detection vs. prevention) People, Process, and Technology Not a limited scope test targeting just a particular product, infrastructure, network, application, URL, or domain Full Cyber Kill Chain from Recon to Objective Often blind, unannounced exercise Determine what TTPs would work, undetected if a true attack occurred and action plan to remediate
ASSUMPTIONS That attack won't work here because... “We applied all patches” “We have outbound DLP” “Our users would never open a macro” “Our applications have MFA” “Our network is segmented and only way out is through proxy” “We have firewalls, AV, and IDS”
BENEFITS Training and improving the Blue Team Every Red Team Exercise will result in Blue Team getting better As you measure the people, process, and technology you will see improvements Lessons will be learned, and processes improved The more you train, the more you improve
MYTHS Penetration tests are accurate measurements of an organization’s security Penetration testing emulates adversarial behavior Penetration tests serve no purpose in a mature organization’s environment Penetration testing is synonymous with red teaming Black box testing is the most comprehensive method of applied security testing
Defense SECURE EMAIL GATEWAY • FireEyeMX • Cisco Email Security • Trend Micro for Email • MS Defender for Office365 SECURE WEB GATEWAY • Symantec BlueCoat • Palo Alto Proxy • Zscaler • FireEye NX SECURE DNS • Cisco Umbrella • DNSFilter • Akamai Enterprise Threat Protector AV • McAfee AV • ESET NOD32 • Symantec Endpoint Protection EDR • CrowdStrike Falcon • MS Defender for Endpoint • SentinelOne • Vmware Carbon Black • Elastic Secure DNS AV EDR Endpoint Security Attacker Email Sec Suite + Sandbox Secure Web Gateway Cloud Storage Cloud Redirector
Typical Initial Access vectors Email with malware attached / linked Spear-phishing / phishing / stealing valid credentials (especially over unusual platforms: LinkedIn, Skype, Telegram, Discord, Slack, Web forms) Reusing stolen credentials against external single-factor VPNs, Citrix Gateways, vulnerable Fortinet VPNs Password Spraying against Office365, Azure, custom login pages, VPN gateways Exposed RDP with weak credentials and lacking controls Unpatched known vulnerable perimeter device, application bugs, default credentials, Proxyshell / Log4j Rarely HID-emulating USB sticks introduced to the company’s premises WIFI Evil Twin -> Rogue WPA2 Enterprise -> NetNTLMv2 hash cracking -> authenticated network access -> Responder Plugging into on-premises LAN -> Lacking 802.1X -> Responder / mitm6 / Ldaprelayx / relaying to LDAP to create backdoor Machine account (RBCD/Whisker) SEO Poisoning – making malicious websites pop up higher in search engine results
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024

More Related Content

PDF
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Jorge Orchilles
 
PPTX
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Joe Vest
 
PPTX
Ethical Hacking Definitions Matter - Covering Vulnerability Scanning, Vulnera...
Jorge Orchilles
 
PPTX
Red Team vs Blue teaming . and how they are working
Hemant816306
 
PDF
Purple Team - Offensive and Defensive collaborative simulation
Adam Nurudini
 
PDF
RED-TEAM_Conclave
NSConclave
 
PPTX
Red Team Testing: Real Attack Simulation
defencerabbit Team
 
PPTX
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013
beltface
 
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Jorge Orchilles
 
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
Joe Vest
 
Ethical Hacking Definitions Matter - Covering Vulnerability Scanning, Vulnera...
Jorge Orchilles
 
Red Team vs Blue teaming . and how they are working
Hemant816306
 
Purple Team - Offensive and Defensive collaborative simulation
Adam Nurudini
 
RED-TEAM_Conclave
NSConclave
 
Red Team Testing: Real Attack Simulation
defencerabbit Team
 
Seeing Purple: Hybrid Security Teams for the Enterprise - BSides Jackson 2013
beltface
 

Similar to [HUN][hackersuli] Red Teaming alapok 2024 (20)

PPTX
Adversary Emulation and the C2 Matrix
Jorge Orchilles
 
PDF
What-If-a-Hacker-Already-Got-In-Red-Teaming-to-Find-Out-Before-They-Do.pdf (1...
naksh4thra
 
PDF
Red Team Expert Interview questions and answers
priyanshamadhwal2
 
PDF
Red Team Expert_Interview Questions and Answers.pdf
infosec train
 
PDF
NVISO - A Journey Through Adversary Emulation - Jonas Bauters
NVISO
 
PDF
Adversary Emulation and Red Team Exercises - EDUCAUSE
Jorge Orchilles
 
PPTX
Red Team vs. Blue Team
EC-Council
 
PDF
The Rise of the Purple Team
Priyanka Aash
 
PPTX
Ethical Hacking - Red Team vs Blue Team.pptx
officialstanish
 
PPTX
Adversary Emulation using CALDERA
Erik Van Buggenhout
 
PDF
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Core Security
 
PDF
Adversary Emulation Workshop
prithaaash
 
PPTX
Services For Red Team Security Assessment — Aardwolf Security
Aardwolf Security
 
PDF
Adversary Emulation - Red Team Village - Mayhem 2020
Jorge Orchilles
 
PDF
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Mark Simos
 
PDF
2020 11-15 marcin ludwiszewski - purple, red, blue and others - rainbow team...
Marcin Ludwiszewski
 
DOCX
Your Guide to Red Teaming Assessments - Aardwolf Security
Aardwolf Security
 
PDF
AUTOMATED PENETRATION TESTING: AN OVERVIEW
cscpconf
 
PDF
DataShepherd Security
Jason Newell
 
PPTX
Expert Platform for Red Team Operation Services, USA.pptx
Tekkis
 
Adversary Emulation and the C2 Matrix
Jorge Orchilles
 
What-If-a-Hacker-Already-Got-In-Red-Teaming-to-Find-Out-Before-They-Do.pdf (1...
naksh4thra
 
Red Team Expert Interview questions and answers
priyanshamadhwal2
 
Red Team Expert_Interview Questions and Answers.pdf
infosec train
 
NVISO - A Journey Through Adversary Emulation - Jonas Bauters
NVISO
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
Jorge Orchilles
 
Red Team vs. Blue Team
EC-Council
 
The Rise of the Purple Team
Priyanka Aash
 
Ethical Hacking - Red Team vs Blue Team.pptx
officialstanish
 
Adversary Emulation using CALDERA
Erik Van Buggenhout
 
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Core Security
 
Adversary Emulation Workshop
prithaaash
 
Services For Red Team Security Assessment — Aardwolf Security
Aardwolf Security
 
Adversary Emulation - Red Team Village - Mayhem 2020
Jorge Orchilles
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Mark Simos
 
2020 11-15 marcin ludwiszewski - purple, red, blue and others - rainbow team...
Marcin Ludwiszewski
 
Your Guide to Red Teaming Assessments - Aardwolf Security
Aardwolf Security
 
AUTOMATED PENETRATION TESTING: AN OVERVIEW
cscpconf
 
DataShepherd Security
Jason Newell
 
Expert Platform for Red Team Operation Services, USA.pptx
Tekkis
 

More from hackersuli (20)

PDF
[HUN][Hackersuli] Lila köpeny, fekete kalap, fehér kesztyű – avagy threat hun...
hackersuli
 
PPTX
HUN Hackersuli 2025 Jatekok megmokolasa csalo motorral
hackersuli
 
PDF
[HUN][Hackersuli]Android intentek - ne hagyd magad intentekkel tamadni
hackersuli
 
PDF
[HUN][Hackersuli] Haunted by bugs on a cybersecurity side-quest
hackersuli
 
PDF
[HUN]2025_HackerSuli_Meetup_Mesek_a_kript(ografi)abol.pdf
hackersuli
 
PPTX
[HUN] Unity alapú mobil játékok hekkelése
hackersuli
 
PPTX
Hackersuli_2024_LLM_prompt_injection.pptx
hackersuli
 
PPTX
[HUN][Hackersuli] Abusing Active Directory Certificate Services
hackersuli
 
PDF
ITBN - LLM prompt injection with Hackersuli
hackersuli
 
PDF
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
hackersuli
 
PDF
2024_hackersuli_mobil_ios_android ______
hackersuli
 
PDF
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
hackersuli
 
PPTX
[Hackersuli]Privacy on the blockchain
hackersuli
 
PPTX
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
hackersuli
 
PPTX
[Hackersuli][HUN] GSM halozatok hackelese
hackersuli
 
PDF
Hackersuli Minecraft hackeles kezdoknek
hackersuli
 
PDF
HUN Hackersuli - How to hack an airplane
hackersuli
 
PDF
[HUN][Hackersuli] Cryptocurrency scams
hackersuli
 
PPTX
[Hackersuli] [HUN] Windows a szereloaknan
hackersuli
 
PDF
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
hackersuli
 
[HUN][Hackersuli] Lila köpeny, fekete kalap, fehér kesztyű – avagy threat hun...
hackersuli
 
HUN Hackersuli 2025 Jatekok megmokolasa csalo motorral
hackersuli
 
[HUN][Hackersuli]Android intentek - ne hagyd magad intentekkel tamadni
hackersuli
 
[HUN][Hackersuli] Haunted by bugs on a cybersecurity side-quest
hackersuli
 
[HUN]2025_HackerSuli_Meetup_Mesek_a_kript(ografi)abol.pdf
hackersuli
 
[HUN] Unity alapú mobil játékok hekkelése
hackersuli
 
Hackersuli_2024_LLM_prompt_injection.pptx
hackersuli
 
[HUN][Hackersuli] Abusing Active Directory Certificate Services
hackersuli
 
ITBN - LLM prompt injection with Hackersuli
hackersuli
 
[Hackersuli] Élő szövet a fémvázon: Python és gépi tanulás a Zeek platformon
hackersuli
 
2024_hackersuli_mobil_ios_android ______
hackersuli
 
[HUN[]Hackersuli] Hornyai Alex - Elliptikus görbék kriptográfiája
hackersuli
 
[Hackersuli]Privacy on the blockchain
hackersuli
 
[HUN] 2023_Hacker_Suli_Meetup_Cloud_DFIR_Alapok.pptx
hackersuli
 
[Hackersuli][HUN] GSM halozatok hackelese
hackersuli
 
Hackersuli Minecraft hackeles kezdoknek
hackersuli
 
HUN Hackersuli - How to hack an airplane
hackersuli
 
[HUN][Hackersuli] Cryptocurrency scams
hackersuli
 
[Hackersuli] [HUN] Windows a szereloaknan
hackersuli
 
[HUN][Hackersuli] Szol a szoftveresen definialt radio - SDR alapok
hackersuli
 

Recently uploaded (20)

PPTX
Database Information System - Management Information System
faizhossain3
 
PPTX
1402_iCSC_-_RESTful_Web_APIs_--_Josef_Hammer.pptx
mwnorman1
 
PPTX
Introduction to cybersecurity and digital nettiquette
shanefrancisjavier21
 
PDF
Slides PDF: The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
PPT
Ethics in Information System - Management Information System
faizhossain3
 
PPTX
newyork.pptxirantrafgshenepalchinachinane
PrashantKoirala12
 
PDF
Introduction to the IoT system, how the IoT system works
TinBinh
 
PDF
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
PDF
The Ikigai Template _ Recalibrate How You Spend Your Time.pdf
KinchitJain2
 
PDF
mera desh ae watn.(a source of motivation and patriotism to the youth of the ...
DtMalhonSharma
 
PDF
Session 1 (Week 1)fghjmgfdsfgthyjkhfdsadfghjkhgfdsa
ssuser25df8b
 
PPT
isotopes_sddsadsaadasdasdasdasdsa1213.ppt
Kenneth James Alamillo
 
DOC
Rose毕业证学历认证,利物浦约翰摩尔斯大学毕业证国外本科毕业证
acoqwo
 
PPT
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
PDF
si manuel quezon at mga nagawa sa bansang pilipinas
LizaDeVeraFloresLaya
 
PDF
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
PDF
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
PDF
Uptota Investor Deck - Where Africa Meets Blockchain
jjc123linkedin
 
PDF
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
PPTX
Power Point - Lesson 3_2.pptx grad school presentation
JoyPPD
 
Database Information System - Management Information System
faizhossain3
 
1402_iCSC_-_RESTful_Web_APIs_--_Josef_Hammer.pptx
mwnorman1
 
Introduction to cybersecurity and digital nettiquette
shanefrancisjavier21
 
Slides PDF: The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
Ethics in Information System - Management Information System
faizhossain3
 
newyork.pptxirantrafgshenepalchinachinane
PrashantKoirala12
 
Introduction to the IoT system, how the IoT system works
TinBinh
 
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
The Ikigai Template _ Recalibrate How You Spend Your Time.pdf
KinchitJain2
 
mera desh ae watn.(a source of motivation and patriotism to the youth of the ...
DtMalhonSharma
 
Session 1 (Week 1)fghjmgfdsfgthyjkhfdsadfghjkhgfdsa
ssuser25df8b
 
isotopes_sddsadsaadasdasdasdasdsa1213.ppt
Kenneth James Alamillo
 
Rose毕业证学历认证,利物浦约翰摩尔斯大学毕业证国外本科毕业证
acoqwo
 
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
si manuel quezon at mga nagawa sa bansang pilipinas
LizaDeVeraFloresLaya
 
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
Uptota Investor Deck - Where Africa Meets Blockchain
jjc123linkedin
 
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
Power Point - Lesson 3_2.pptx grad school presentation
JoyPPD
 

[HUN][hackersuli] Red Teaming alapok 2024

  • 2. AGENDA # W H OA M I F O G A L M A K T T P S TO O LO K I N T E R A K T Í V R É S Z
  • 4. PÉTER TAMÁS (DJANGO88) PENETRATION TESTER – RED TEAM OPERATOR - DEUTSCHE TELEKOM SYNACK RED TEAM
  • 5. RED TEAM Red Team performs Tactics, Techniques, and Procedures (TTPs) to test people, processes, and technology in a target environment. Goal: Make Blue Team better. Train and measure blue teams' detection and response policies, procedures, and technologies are effective. Effort: Manual; lots of tools (see C2 Matrix) Frequency: Intelligence-led (new exploit, tool, or TTP)
  • 6. ADVERSARY EMULATION Definition: A type of Red Team exercise where the Red Team emulates how an adversary operates, following the same tactics, techniques, and procedures (TTPs), with a specific objective like those of realistic threats or adversaries. Goal: Emulate an end-to-end attack against a target organization. Obtain a holistic view of the organization’s preparedness for a real, sophisticated attack. Effort: Manual; more setup than a limited scope Penetration Test Frequency: Twice a year or yearly
  • 7. RED TEAM PLANNING Red Team Planning Fill any planning gaps Attack Infrastructure/C2 Reconnaissance Social Engineering Weaponization Initial Access/Foothold Network Propagation Action on Objectives
  • 8. AN END TO END ASSESMENT OF THE ENTIRE ORGANIZATION Main differentiator from penetration testing Tests the defenders not the defenses (detection vs. prevention) People, Process, and Technology Not a limited scope test targeting just a particular product, infrastructure, network, application, URL, or domain Full Cyber Kill Chain from Recon to Objective Often blind, unannounced exercise Determine what TTPs would work, undetected if a true attack occurred and action plan to remediate
  • 9. ASSUMPTIONS That attack won't work here because... “We applied all patches” “We have outbound DLP” “Our users would never open a macro” “Our applications have MFA” “Our network is segmented and only way out is through proxy” “We have firewalls, AV, and IDS”
  • 10. BENEFITS Training and improving the Blue Team Every Red Team Exercise will result in Blue Team getting better As you measure the people, process, and technology you will see improvements Lessons will be learned, and processes improved The more you train, the more you improve
  • 11. MYTHS Penetration tests are accurate measurements of an organization’s security Penetration testing emulates adversarial behavior Penetration tests serve no purpose in a mature organization’s environment Penetration testing is synonymous with red teaming Black box testing is the most comprehensive method of applied security testing
  • 12. Defense SECURE EMAIL GATEWAY • FireEyeMX • Cisco Email Security • Trend Micro for Email • MS Defender for Office365 SECURE WEB GATEWAY • Symantec BlueCoat • Palo Alto Proxy • Zscaler • FireEye NX SECURE DNS • Cisco Umbrella • DNSFilter • Akamai Enterprise Threat Protector AV • McAfee AV • ESET NOD32 • Symantec Endpoint Protection EDR • CrowdStrike Falcon • MS Defender for Endpoint • SentinelOne • Vmware Carbon Black • Elastic Secure DNS AV EDR Endpoint Security Attacker Email Sec Suite + Sandbox Secure Web Gateway Cloud Storage Cloud Redirector
  • 13. Typical Initial Access vectors Email with malware attached / linked Spear-phishing / phishing / stealing valid credentials (especially over unusual platforms: LinkedIn, Skype, Telegram, Discord, Slack, Web forms) Reusing stolen credentials against external single-factor VPNs, Citrix Gateways, vulnerable Fortinet VPNs Password Spraying against Office365, Azure, custom login pages, VPN gateways Exposed RDP with weak credentials and lacking controls Unpatched known vulnerable perimeter device, application bugs, default credentials, Proxyshell / Log4j Rarely HID-emulating USB sticks introduced to the company’s premises WIFI Evil Twin -> Rogue WPA2 Enterprise -> NetNTLMv2 hash cracking -> authenticated network access -> Responder Plugging into on-premises LAN -> Lacking 802.1X -> Responder / mitm6 / Ldaprelayx / relaying to LDAP to create backdoor Machine account (RBCD/Whisker) SEO Poisoning – making malicious websites pop up higher in search engine results