| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
APT X, Target, Stuxnet; the media and public have started
to pay more and more attention to sophisticated attackers
and the havoc they can wreck. As evidence of advanced com
promises becomes increasingly apparent, companies have
begun to move beyond simple pentesting towards full blown
threat simulation in order to effectively identify and mitigate
the threat. However, red teaming operations are not a new
concept, and advanced military teams have been simulating
advanced adversaries long before the recent surge of attention from the private sector. While the tools and techniques
of red teams may have changed, many of the procedures are
still effective today.This presentation will aim to bridge the
gap between the old and new, showing how the fundamental
concepts of military red teaming still translate to the current
landscape. We’ll overview our take on operational red teaming and break out various engagement objective phases including situational awareness, escalation, data mining, lateral
movement, evasion and persistence. We’ll trace through the
“old school” way to achieve the objective, and then show how
updated tools and techniques can enable modern operations.
The fundamental tactics developed years ago are still very
effective, and a new coat of paint makes them even more
dangerous.
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast