Offensive Information Warfare, Intelligence Gathering and Direct Action Operations Using Red Teams - Part 1

About a year ago I wrote a paper entitled Offensive Information Warfare, Intelligence Gathering and Direct Action Operations Using Red Teams; I posted the table of contents on the blog a while ago.

That paper hasn't seen the light of day yet. However, many people have asked about it, so I decided to write a six-part article that will provide the basic ideas of each part of the paper.


A Team Effort - Part 2

When D and I entered the TOC, Y was already there talking to the two guys on the ground. They had followed the execs that morning, and again they stopped at the cafe. This time they were ready with a control inside the execs' computers. A few minutes after one of the principals opened his laptop and connected to the cafe's WiFi network, the attackers were on it like flies. The team members were also running a sniffer. The combination of the sniffer and the monitoring software on the execs' computers provided us real-time info as to what the attackers were trying to do. We saw they ran an exploit and gained access to the computer.

Once their backdoor was installed, they connected back to a listener or C2 computer. A listener is a program that accepts connections from a backdoor. The simple ones are usually a terminal running netcat; the more complex ones allow the bad guys to send commands to the backdoor via different channels and protocols. We were ready for this. As soon as the backdoor made its first connection we were able to detect it. We saw that the bad guys immediately began scanning the computers. We had several Word documents and PDFs weaponized and ready to be picked up by them. They had names and content that would be too juicy not to copy. And they did.


Inside Red Team Operations, Part 3: Execute, Execute, Execute!

This is the final article of the Inside Red Team Operations series, which is a walk-through of the Red Team process of planning, preparing and executing a security vulnerability assessment and penetration test, bad-guy style.

Part 1 examined the elements and techniques necessary for planning the operation, while Part 2 showed how information gathered during recon is used to implement the plan. This article uses the previous elements to show how the plan comes together.


VIP Digital Protection

In the past few years security contractors and other personnel have been engaged in VIP protection, from perimeter security and convoy protection to personal security assignments.

I've done this in the past. I received the training. However, since I am also a geek with red team and information warfare skills, I also performed what I like to call *VIP digital protection* or VDP.

C-level executives, VPs, command and other high-level employees or personnel are targets not only on the physical side but also on the digital side. Their laptops, cellphones, iPads, etc., contain a wealth of information that can not only be sold for a lot of money but can also represent a risk to national security.


Bluetooth...

On this particular project my team and I were tasked with getting access to the VP of marketing's laptop. Part of the team began tailing the VP so we would have an idea of what his daily routines were. The other part of the team began checking the company's network in order to try to penetrate it and find our way to the VP's laptop from there. As a last resort we would try a physical penetration of the building so we could get to the laptop.

After over a week, we didn't have anything concrete on the digital pentest side; they were fairly secure. We could eventually find a vulnerability that might be exploited, but we were under a very tight timeframe for the project. We were considering the physical pentest when J. called me from the field and told me that he had discovered the VP had an unsecured Bluetooth connection on his laptop.


Coming up soon...

I'm finishing the iOS (iPhone and iPad) Red Teams app.

The app will help in the collection of field intel, recon, and data management, and it will include a drawing canvas for the recon sketches, an SSH shell for connectivity to the servers, a mini stumbler for both WiFi and Bluetooth, a note-taking area and sensitive data storage with strong crypto (pictures, notes and voice recordings).


Sun Tzu and The Art of Cyber-War | Krypt3ia

An interesting take on applying the Art of War concepts to digital warfare.

... too many people cite Sun Tzu poorly in these types of presentations. Well, Jericho is right, and oftentimes not many of the tenets of Sun Tzu make it into the presentations. On average you will see maybe one or two and that's it, but The Art of War has many other chapters and quotes that map to general warfare, and that includes Cyber-War (so called). Generally, however, the overall tactics put forth by the Art of War are applicable because this is warfare we are talking about, no matter the landscape (electronic) that we are fighting it in. You still have adversaries looking to defeat one another using guile and force today, just as in the day of Sun Tzu. The real issue comes down to reading between the lines of the old text and applying the ideas to the modern landscape of the electron, the malware, and the phishing attack.

The AA

On a rather interesting project, I spent an hour trying to convince the assistant of a CEO (the AA) I was targeting to open a PDF that contained important information that I needed the CEO to consider. It was important to me that she open it while I was on the phone because I needed to verify that I had a connection to their network via the code I had embedded in the weaponized PDF.

She wouldn't have it. She kept on saying that she would open it later when she was free. Not good. Eventually she got tired of me (I was using every trick in the book to convince her!) and she said: "Fine! I'll open it."


Red Teaming Experiments with Deception Technologies (PDF)

By Fred Cohen, Irwin Marin, Jeanne Sappington, Corbin Stewart, and Eric Thomas.

Abstract

This paper overviews a series of 30 experimental runs designed to measure the effects of deception defenses on attacks against computer systems and networks.