During remote red team exercises, it can be difficult to keep from leaking information to the target organization’s security team. Every interaction with the target’s website, every email sent, and every network service probed leaves some trace that the red team was there.
Mature blue teams can correlate those pieces of information to identify red team actions and infrastructure, and use that information to either block the red team outright or execute deception operations to frustrate further attacks.
In this Black Hills Information Security (BHIS) webcast, Michael will discuss common sources of data leakage during remote red team exercises and steps red teamers can take to eliminate or disguise the leakage outright, or to compartmentalize their actions and keep the blue team from connecting the dots.
He’ll also discuss how red teamers can see the attack from the defender’s point of view so that these concepts can be applied to new tools and technologies in the future.
0:00:00 – PreShow Banter™ — It’s Not Delivery, It’s Frozen
0:09:36 – PreShow Banter™ — One Rural to Rule Them All
0:11:51 – PreShow Banter™ — Proudly Sucking at Charity
0:13:08 – PreShow Banter™ — SPECIAL GUEST: Rural Tech Fund
0:20:39 – PreShow Banter™ — Meth Lab For Computers
0:25:41 – FEATURE PRESENTATION: OPSEC Fundamentals for Remote Red Teams
0:27:00 – WHOAMI
0:30:42 – Why OPSEC is Important For Red Teams
0:34:01 – Possible Countermeasures
0:36:37 – Other Red Team Threats
0:38:06 – Assessing Red Team Actions
0:39:26 – Building OPSEC Standard Procedures
0:40:42 – Local Workstation Setup
0:45:01 – OS Modifications
0:49:44 – Tool Configurations
0:56:35 – Source IP Addresses
1:01:36 – Fail-Safe VPN
1:02:57 – Other Third-Party Services
1:10:05 – Network Services
1:15:19 – Testing New Tools
1:21:42 – Got Questions
1:27:03 – PostShow Banter™ — Access Granted
Michael Allen is a security analyst at Black Hills Information Security, where he works exclusively on offensive security assessments like penetration tests and red team exercises. After earning an Associate’s Degree in Computer and Information Science and many years of hacking “just for fun,” Michael finally turned his hobby into a career in 2014. Since then, he has also spent time teaching courses at Black Hat USA and earning a multitude of InfoSec certifications, including the OSCE, MLSE, and CISSP, among others. He joined the BHIS team in 2019, where he is proud to work alongside some of the best and brightest InfoSec professionals in the world today.
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2021/03/SLIDES_OPSECFundamentalsRemoteRedTeams-1.pdf