On Red Teaming

Today’s adversaries don’t play by any rules. They constantly adapt and learn from failures, and the complexity of their tactics and thinking is ever increasing. Whether nation sponsored, criminal or simply opportunistic, this new breed of attacker isn't bogged down trying to exploit the usual suspects (firewalls, web servers, email servers, etc.). They’re not wasting time thinking about your security checklists, policies, and procedures that have been painstakingly developed to thwart them. They’re happy to just go around, under, or over them and uncover weak links wherever possible.

One of the most often exploited weak links is the human one. That human risk can come from both outsider and insider threats, including your supply chain. The question then becomes not only whether you know your adversary, but whether your partners, suppliers and vendors know them as well. Do they know theirs? How frequently are they doing security assessments? It’s a situation that needs frequent testing.


The Red Teamer's Bookshelf 2017 edition

It’s been a couple of months since we first announced that Red Team Journal, redteams.net, and OODA Loop would be compiling the latest “Red Teamer’s Bookshelf” jointly. For those of you who’ve been waiting, the list is finally here. It’s larger than previous years, so we’ve organized the titles by category (and yes, some of these titles would fit in more than one category). The titles address a range of red teaming activities and skills, with a noticeable increase in special operations books this year. Thank you to everyone who submitted titles.

Here's the list.

Quote of the day

"Hacking takes time. Developing the tool chain takes time, recon takes time, sometimes systems get hardened and the optimal time to hack them was in the past, and so on and so on. The best time to collect intelligence about an adversary is before you need it."

-- the grugq: Idle Thoughts on Cyber

Calling All Red Teamers: Help Us Build the 2016 Bookshelf

It’s time to update The Red Teamer’s Bookshelf. In the past, we’ve either built the list ourselves or consulted a small group of colleagues. This time we’d like to crowdsource the list in partnership with the Red Team Journal and OODA Loop. Use the contact page to send us the titles of the book or books that you believe red teamers should be reading. (You can reach back into history; these don’t need to be 2016 titles.) When you do send us your title or titles, add a sentence on each telling us why you think it’s important. After a week or so, we’ll aggregate the submissions and post The Red Teamer’s Bookshelf (2016 Edition) at all three sites.

Here are some of the Red Team Journal's previous bookshelves:

RTJ 2009
RTJ 2013

And the OODA Loop Top 10

And finally our bookshelf.

Quote of the day

“Most people are starting to realize that there are only two different types of companies in the world: those that have been breached and know it and those that have been breached and don’t know it. Therefore, prevention is not sufficient and you’re going to have to invest in detection because you’re going to want to know what system has been breached as fast as humanly possible so that you can contain and remediate.”

-- Ted S.

Quote of the day

"The superior red teamer is a systems thinker. He or she seeks to see the whole system as well as its parts, knowing, of course, that the system will look different to different people and different groups."

-- Red Team Journal: The superior red teamer.

Hospital Recon and Security Readiness

I was recently in a hospital and the security director and I had a chat about potential threats, active shooter scenarios and how to make the overall perimeter of the hospital harder to penetrate and easier to monitor.

He and I walked everywhere, with me taking notes and pictures of everything. In some cases, I pointed directly to potential routes of entry and problematic spots (see attached pics). I walked the director through how I would penetrate the hospital covertly or overtly, what I would use and whom I would potentially target for social engineering. We also brainstormed about the different attackers the hospital would see, and how each affected the security.

Finally, we focused on the active shooter scenario. They do have trained staff, but as I was describing how I would do it in a mini-tabletop exercise, they realized the holes in their plans and policies, and more importantly, they realized the weakest points in their perimeter.

This simple tabletop, coupled with the walk through the building and specific pinpointing of areas of concern, provided the hospital security staff with a better way to understand the threats, prepare better security countermeasures and put in place better security controls.

This whole assessment took 4 hours. The staff cooperated completely.

Note: Be aware that the issues found have been closed. The hospital implemented every single suggestion to improve security.