Thanks all for the logo submissions so far

Thank you for the submissions so far. There are some great ideas being sent.

I wanted to provide a little direction. The logo will be used on different things, from a patch to a letterhead to a report to a website... The simpler the logo, the better it will be in adapting to the different backgrounds. When thinking and then designing the possible logo please ask youself:

  • Is the logo legible? Will the logo standout on a dark background? What about light? On a business card? Try to keep the design to a minimum set of objects. Simple is better. Too much stuff on the logo and the meaning will get lost in the noise.
  • Is the logo scalable? Will the logo (and its details) remain legible when you shrink it to be used as an icon? Will it look ok when used full size on a web page?
  • Is it functional? Finally, is the logo a functional logo? Again, in order to keep the logo legible and scalable it must be simple. Having little icons inside the main logo will work on a full size, maybe, but what about smaller sizes? Are those little details getting lost because there are so many of them?

Finally, try to keep clipart-style graphics out. Having a logo looking like a clipart is not really good. Some of then are a work of art, but not very functional.

Thank you!

/

Faster Toward Disaster: A Brief Thought on OODA Loops | Red Team Journal

... If your adversary deceives you, “getting inside your adversary’s OODA loop” is perhaps the worst thing you can do; it suggests you’re accelerating with heightened confidence toward his ends based on the prompts he presents. Put differently, “observe” with hubris and you just might find yourself running faster toward disaster. (Of course the seasoned red teamer will quickly observe that you can turn this same principle against your adversary.)

As always, our friends at the Red Team Journal make an excellent point.

The backdoor, literally

Sometimes you spent weeks trying to figure out the best way to infiltrate your target, whether digitally or physically.

Sometimes all it takes is a trip to the back of the building.

A few months ago we were performing an initial recon on a new customer. He wanted us to check whether his security team did a good job in setting the perimeter. The finaly target was one of the server rooms inside the building, where their data center was located.  
We arrived after hours and after laying low for a few hours, observing and collecting *atmospherics*, we decided to go around the perimeter to map it. In the past we've found vulnerable points of entries that were no visible from a single OP (observation post).  
As we were coming to the back of the building, we noticed that the trash collecting trucks were leaving the building. The gates were open and there was no guards there, only a camera. We layed there observing for 40 minutes and nothing happened. After a brief exchange we went for it. 

Read More

Calling out readers for a logo design

Within the Red Team ran at the Digital Ops Group there is a smaller team. We do very specific projects that go beyond Red Teaming.

This team was formed even before the Red Team was active and it does not have an oficial logo or callsign. We want to change that.
So, I want to run a contest here, much like I did when I was looking for a good logo for the Red Team (done by Jered). Readers can send their ideas for a logo. The winner gets a patch with the logo they had helped design, a Red Teams patch and if we are in your area the chance to go on a recon mission with the team.

A few guidelines:

  • the logo has to work well in both light backgrounds and dark backgrounds.
  • the logo can include the original Red Teams logo, however a new design is encouranged.
  • it has to be sterile - no text - but convey the idea.
  • no frame is needed on the logo - it must be able to fit a square patch, a circular logo, etc.

A little more about the small team: The team performs both physical and digital deep recon. This includes information gathering prior to an operation or project (the team's main purpose), digital disruption operations and offensive digital warfare and phyical security disruption. Essentially anything that might create problems for the target.

Please send your designs to redteamsblog@gmail.com

Have fun!

/

Please join me on a minute of silence

Please join me on a minute of silence for the victims of the attack in Boston last year during the marathon.

Just stand quietly for a minute, please. Think and reflect on this. Think about how we can fight terrorism better. This is what I wrote last year:

It's time to be strong now. It's time to remember those that are no longer with us and hope for the wounded. Then we need to return to our lives. We need to show the terrorists that they cannot disrupt the freedom we have.

We are stronger than them.

/

The Red Team, The IT Director and the Naysayer VP

As part of the services we provide, we do twice a year a generic digital posture assessment on our customers. A generic digital posture is the name we gave to checking the organization digital footprint and perfoming a very fast and shallow vulneability scan. Essentially we want to check if the organization has some has some very obvious vulnerabilities.

So, while we where scanning one of our biggest customers we discovered that a certain VP was using his corporate email to login and post to several off-road vehicles forums.  
While this might look innocent, given who this VP was, it was a problem. Bad guys can use this to mount a simple social engineering attack and possibly gain access to the network.  
We called the IT director, our contact person. We told him about all the things we found (including some systems with public facing interfaces that needed to be upgraded or tighten a bit). We mentioned to him that he needed to talk to the VP and ask him to stop using the corporate email on public forums. It was singling him out for an attack. The director is a great guy to work with, he understands security and he knows the value of Red Teaming, so he said he would take care of this.

Read More

Quote of the day

"Sometimes it is entirely appropriate to kill a fly with a sledge hammer."

Sometimes you do it covertly. Sometimes you bring the noise.

/

The MIT Lockpicking Guide

A good intro for beginners.

The theory of lock picking is the theory of exploiting mechanical defects. There are a few basic conept and definitions but the bulk of the material consits of tricks for opening locks with particular defects or characteristics. The organization of this manual reflects this structure. The first few chapters present the vocabulary and basic information about locks and lock picking. There is no way to learn lock picking without practicing, so one chapter presents a set of carefully chosen excerses that will help yuou learn the skills of lock picking.

/