Memorial Day

This Memorial Day, please take a minute and stand in silence. Remember those who paid the ultimate price so we can live a good life.

Let's all stop what we do at 11 AM. Stand still for 1 minute. Say thank you to all the men and women that gave it all.

/

Quote of the day

"The defender’s metrics signify the defender’s focus, a feature the savvy red team will seek to exploit to the education and benefit of the defender (who may in turn seek to exploit this dynamic)."

-- Red Team Journal: The Red Teamer’s Go-To Move #4: Understand and Exploit Metrics

Note: this is a must-read article. As always, our friends at the Red Team Journal have the best insights into the world of red teaming.

2015’s Red Team Tradecraft | Raphael Mudge

"There is a theory which states that if ever anyone discovers exactly what the Universe is for and why it is here, it will instantly disappear and be replaced by something even more bizarre and inexplicable. There is another theory which states that this has already happened."

― Douglas Adams, The Restaurant at the End of the Universe

Raphael starts his post with this quote by Douglas Adams. I think he managed to capture with the quote the challenge you face as a Red Teamer.

Go read the post. There are some good tips sprinkled in there.

The Driving Experiment

First of all, this post is not about Red Teaming. It's not about security or anything related to it. This is a post about a little experiment we did to prove the fact that Volvo drivers are the worst and the fault lies with the car. The results are not surprising.

It's long known that we don't like Volvo drivers. It's also a known fact that this is not just us, it's a world-wide phenomenon that goes as far back as the early 1970s. If you Google it, you'll see. Even the Urban Dictionary has an entry.
In this test we wanted to prove what we already knew. So, we took JS, a very efficient and aggressive driver, and we gave him a Volvo for 10 days. No, we didn't give him one of those horrible 1980s boxy Volvos. No. We gave him a modern Volvo. Sporty, looking good and fast.

Yes... right..

We wanted to test the driver in the following scenarios:

  1. City driving patterns (general)
  2. Highway driving patterns (general)
  3. Driving in traffic conditions (either in cities or highways)
  4. Blending into traffic
  5. Turning into a road with oncoming traffic
  6. Specific speed limits test (what was the average)
  7. Parking
  8. Traffic light and traffic signs patterns
  9. Interstate driving (or, can the driver adapt to the different driving patterns of 4 different states)
  10. Situational awareness
  11. Music preference
  12. Stress test (the fun one)

These tests were conducted over a period of 10 days. JS, as mentioned previously, is a very aggressive and fast driver (he currently drives an Audi RS5) and his favorite music for the road is either AC/DC or Pantera.

With this in mind, stay tuned for the result...

/

Understanding the Positive Outcomes of Red Teaming | RSA Blog

The advantages of employing a red team are several, but generally the most important one is providing a shift in perspective. Too often, whether it is when putting together a new budget, selecting a software application, building out a data center, or making a multitude of other decisions, we tend to fall into ingrained ways of thinking and deciding. This is especially true in organizations, where we can fall into that organizational mindset or are highly dependent upon standard operating procedures. A good red team can step outside that mindset and bring a different perspective to a plan, system, or security process that can often get overlooked.

A simple article that describes what a red team is. Easy read.

/

Quote of the day

"An amazing thing, the human brain. Capable of understanding incredibly complex and intricate concepts. Yet at times unable to recognize the obvious and simple."

Via

/

Thoughts

We're putting together a page listing the articles that focus on the mindset. It's still a work in progress, but you can check the page.

What do you think?

/

Updates

Yes, the blog has been silent for a while. The reason is simple: workload. Everyone involved in the blog currently has a huge workload and unfortunately the blog suffers.
This is not an excuse. I know.

But things are slowing down a bit. Keep an eye here. Good things are coming.

/

The Red Teamer’s Top Ten Books | OODA Loop

If you might expect a red teamer’s top ten list of books to feature volumes on coding, hacking, and pentesting, you’re going to be surprised. In my view, the overarching principles of red teaming exist independent of any specific domain of application. Hence, my theme here is timeless patterns of cross-domain thinking, very much in line with the Red Team Journal Red Teaming Law #32 (“The Target”): “No matter what the nature of the game, the red team’s ultimate target should always be the opponent’s mind. Everything else is just technique.”

A great article (and a great list) at OODA Loop written by Mark Mateski.

/

Extra quote of the day

"All advantage goes to the offense in cyber. It just does. On the defensive side, you have to say 'I must defend all 100,000 machines, all 50,000 employees.' The offensive side thinks, 'I only need to break into one and I'm on the inside.'"

--Kevin Mandia

This is one of the key reasons for Red Teaming. Act, don't react.