Quote of the day

“Most people are starting to realize that there are only two different types of companies in the world: those that have been breached and know it and those that have been breached and don’t know it. Therefore, prevention is not sufficient and you’re going to have to invest in detection because you’re going to want to know what system has been breached as fast as humanly possible so that you can contain and remediate.”

-- Ted S.

Things happening

The blog has been silent for a while. There are many reasons for this, but two are the most important.
Some of the guys in the team recently got hurt on a project. They are ok and recovering, so no worries. However, this has kept everyone busy.
The other is that a new thing is coming... The Advanced Capabilities Group. Go check this out. It's going to be great.

Quote of the day

"The superior red teamer is a systems thinker. He or she seeks to see the whole system as well as its parts, knowing, of course, that the system will look different to different people and different groups."

-- Red Team Journal: The superior red teamer.

Russia, Reflexive Control, and the Subtle Art of Red Teaming | Red Team Journal

By definition, reflexive control is “a means of conveying to a partner or an opponent specially prepared information to incline him to voluntarily make the predetermined decision desired by the initiator of the action.”1 In other words, when employing the theory of reflexive control, you paint a picture of the world, that, if successful, your opponent accepts. This false picture compels your opponent to act in your favor.

Quote of the day

"In the future, we should anticipate seeing more hybrid wars where conventional warfare, irregular warfare, asymmetric warfare, and information warfare all blend together, creating a very complex and challenging situation for the combatants; therefore it will require military forces to possess hybrid capabilities, which might help deal with hybrid threats."

-- Agus Harimurti Yudhoyono, via Small Wars Journal

Note: I wrote something similar in a paper back in 2012. The idea was to bring to light the use of Red Teams to augment Special Operations and Law Enforcement.

Hospital Recon and Security Readiness

I was recently in a hospital and the security director and I had a chat about potential threats, active shooter scenarios and how to make the overall perimeter of the hospital harder to penetrate and easier to monitor.

He and I walked everywhere, with me taking notes and pictures of everything. In some cases, I pointed directly to potential routes of entry and problematic spots (see attached pics). I walked the director through how I would penetrate the hospital covertly or overtly, what I would use, and who I would potentially target for social engineering. We also brainstormed about the different attackers the hospital would see, and how each affected the security.
Finally we focused on the active shooter scenario. They do have trained staff, but as I was describing how I would do it in a mini-tabletop exercise, they realized the holes in their plans and policies, and more importantly, they realized the weakest points in their perimeter.
This simple tabletop, coupled with the walking of the building and specific pinpointing of areas of concern, provided the hospital security staff with a better way to understand the threats, prepare better security countermeasures, and put in place better security controls.

This whole assessment took 4 hours. The staff cooperated completely.

Note: Be aware that the issues found have been closed. The hospital implemented every single suggestion to improve security.

The Cyber Moscow Rules | OODALoop

Lessons learned from US agents who operate in enemy territory have been captured for years and transformed into a code of conduct popularly known as “Moscow Rules.” Those old rules existed for a reason. Real-world experience proved their effectiveness when agents had to operate in the presence of adversaries.

Since modern cyber defenders are also frequently required to operate in the presence of adversaries there are lessons from these old Moscow Rules relevant to cyber defense.

With that as an introduction, the following is a modified list of the old Moscow Rules designed to help the cyber defender under fire.

Consider these as “Moscow Rules for Cyber Operations”

I like this one:

Understand the human tendency to forget about the threat as soon as the current attack has been mitigated. Do not fall victim to this cyber threat amnesia. When not under visible attack, study, prepare, and test your own defenses.

Red Teaming the Taliban | Small Wars Journal

By Vince Tumminello.

A very interesting paper with a good approach to Red Teaming and the mindset.

The following is a red team exercise that posits requirements for an Afghan Taliban victory in Afghanistan over a 5-year timeline. It is presented in four parts (The Cause, Political Strategy, Military Strategy, External Support) as a cohesive document presented from the Taliban Military Commission to the current leader Mawlawi Haubatullah Akhundzada. This campaign plan was originally drafted to fulfill an academic requirement for Johns Hopkins University, School of Advanced International Studies, and adapted for Small Wars Journal.

The Dangerous ‘Illusion of Certainty’ | Red Team Journal

Seasoned red teamers understand that mismanaged red teaming can potentially introduce just as much uncertainty as it claims to reduce (if not more), leading to a very real and potentially dangerous false confidence.

A must read article from our friends at the Red Team Journal.