Red Teaming and Social Engineering
- A red team engagement differs from a penetration test: the red team is not confined to a single domain or a narrow scope (in a penetration test, for example, access may be limited to one specific web application).
- It covers access-related vulnerabilities, some of which matter only in a red team context, such as identifying browser vulnerabilities and using them within an attack scenario.
- Red team operations are not limited to technical techniques; they also involve people (social engineering) and physical security (on-site physical access).
- Red team operations should not be noisy, because one of the goals is to remain undetected by defense mechanisms while maintaining reliable communication with the command-and-control (C2) infrastructure.
- We carry out authorized social engineering attacks, usually phishing campaigns that target the client's employees. The targets of the attack can be planned individually with each client.
- Other scenarios target on-site Wi-Fi users through external hardware acting as a rogue access point (evil twin). Once an employee's device connects to the rogue wireless network, a man-in-the-middle (MitM) position makes it possible to inject malicious executables into traffic or hijack downloaded files to gain further access.
- We are able to perform simulated attacks at the quality level of an APT (Advanced Persistent Threat) using CPH (cyber-physical-human) techniques. Red team operations are meant to reflect real-world cyber-attack scenarios that may be specific to the organization.
- Red team exercises are used to assess the target company's current security posture, employee awareness, and the response time of internal security teams such as the SOC (Security Operations Center).
- The red team always tries to apply innovative methods at every required stage of the attack, so the quality of the attack, and therefore the benchmark it provides for the blue team, depends on the level of knowledge applied in the red team's attack.
- The main purpose of physical security testing is to run red team scenarios based on access to the organization's building, restricted areas, documents, company devices and internal network. Physical attacks using peripheral equipment can be very dangerous and out of sight of defense mechanisms.
- As part of the red team operation, we carry out network attacks both externally and internally; the main goal is to gain access to the company's important resources or data, or to find a way into the internal network. In most cases, after gaining initial access to the network, we use social engineering or physical access to escalate the attack.
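The evil-twin scenario in the Wi-Fi bullet above is best countered by detection: an organisation that keeps an inventory of its own access points can flag any beacon that advertises a corporate SSID from an unknown BSSID or with a different security mode than the real network uses. The following Python check is an added example, not code from this page or its authors; the corporate AP inventory and the scan records are constructed sample data, and in practice the scan would come from a wireless IDS sensor or a periodic scan on a monitoring host.

```python
"""Flag likely evil-twin access points in a Wi-Fi scan result.

Added example, not the page's own code. Assumes the defender maintains an
inventory of authorised BSSIDs per corporate SSID; all data below is
constructed for illustration.
"""

# Constructed inventory: SSID -> authorised BSSIDs and the security mode the
# real network is configured with.
CORPORATE_APS = {
    "CorpWiFi": {
        "bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
        "security": "WPA2-Enterprise",
    },
}

# Constructed scan records, the shape a wireless IDS or a scan summary might
# produce: one entry per observed beacon.
SAMPLE_SCAN = [
    {"ssid": "CorpWiFi", "bssid": "00:11:22:33:44:01", "channel": 36, "security": "WPA2-Enterprise"},
    {"ssid": "CorpWiFi", "bssid": "00:11:22:33:44:02", "channel": 44, "security": "WPA2-Enterprise"},
    # Same SSID from an unknown BSSID, and open instead of 802.1X: the classic
    # evil-twin signature a defender wants to catch early.
    {"ssid": "CorpWiFi", "bssid": "de:ad:be:ef:00:01", "channel": 6, "security": "OPEN"},
    {"ssid": "GuestNet", "bssid": "00:11:22:33:44:10", "channel": 1, "security": "WPA2-PSK"},
]


def find_rogue_aps(scan, inventory):
    """Return [(bssid, [reasons])] for beacons that impersonate a corporate SSID.

    Beacons for SSIDs not in the inventory are ignored: this check is about
    twins of our own networks, not about every unknown network nearby.
    """
    findings = []
    for ap in scan:
        ssid = ap["ssid"]
        if ssid not in inventory:
            continue
        known_bssids = {b.lower() for b in inventory[ssid]["bssids"]}
        expected_sec = inventory[ssid]["security"]
        reasons = []
        if ap["bssid"].lower() not in known_bssids:
            reasons.append("unknown BSSID advertising corporate SSID")
        if ap["security"].upper() != expected_sec.upper():
            # A downgrade (e.g. OPEN or PSK in place of Enterprise) is how a
            # twin tempts clients to connect without valid credentials.
            reasons.append(f"security mismatch: got {ap['security']}, expected {expected_sec}")
        if reasons:
            findings.append((ap["bssid"], reasons))
    return findings


if __name__ == "__main__":
    for bssid, reasons in find_rogue_aps(SAMPLE_SCAN, CORPORATE_APS):
        print(f"ROGUE AP {bssid}: " + "; ".join(reasons))
```

Detection of this kind is a complement to, not a substitute for, the client-side control: corporate devices configured for 802.1X with strict server-certificate validation will refuse to authenticate to a twin that cannot present the organisation's RADIUS certificate, which removes the MitM position before any traffic is exposed.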
Establish Initial Access
Persistence: the attacker tries to maintain access. Persistence covers the techniques an attacker uses to keep access to a system across restarts, changed credentials and other interruptions that could cut that access off. Persistence techniques include any action or configuration change that lets the attacker keep a foothold in the system, such as replacing or hijacking legitimate code or adding code to the startup sequence.
Defense evasion, that is, staying invisible to defense mechanisms, covers the techniques attackers use to avoid detection during their attacks. These include deleting or disabling security software and obfuscating or encrypting data and scripts. Attackers also abuse trusted processes to hide their malware.
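The two paragraphs above describe what a blue team is expected to catch during an exercise: a foothold planted in an autostart location, and tampering with security tooling or obfuscated scripts meant to slip past it. The following Python triage routine is an added example, not code from this page or its authors; it runs simple rules over constructed Sysmon-style endpoint events (process creation, file creation, registry value set, reduced to dicts) and tags each hit with the ATT&CK tactic and technique it corresponds to. The regular expressions are illustrative, not a complete or vendor-specific rule set.

```python
"""Triage endpoint telemetry for persistence and defense-evasion indicators.

Added example, not the page's own code. The events are constructed samples in
a simplified Sysmon-like form: id 1 = process create, 11 = file create,
13 = registry value set.
"""
import re

SAMPLE_EVENTS = [
    # Stopping the AV service: Impair Defenses.
    {"id": 1, "image": r"C:\Windows\System32\sc.exe",
     "cmdline": "sc stop WinDefend", "user": "CORP\\jdoe"},
    # Run-key entry pointing at a user-writable path: autostart persistence.
    {"id": 13, "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\jdoe\AppData\Roaming\upd.exe", "user": "CORP\\jdoe"},
    # Shortcut dropped into the Startup folder: same tactic, second technique variant.
    {"id": 11, "target": r"C:\Users\jdoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helper.lnk",
     "user": "CORP\\jdoe"},
    # Hidden, encoded PowerShell: obfuscated script content.
    {"id": 1, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -EncodedCommand SQBFAFgA", "user": "CORP\\jdoe"},
    # Benign activity that must not fire.
    {"id": 1, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt", "user": "CORP\\jdoe"},
]

# Autostart locations (ATT&CK T1547.001, Registry Run Keys / Startup Folder).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# Tampering with Defender via common built-in tools (ATT&CK T1562.001).
DISABLE_AV_RE = re.compile(
    r"(sc(\.exe)?\s+(stop|config)\s+WinDefend|Set-MpPreference\s+-Disable|net(\.exe)?\s+stop\s+.*(defend|sense))",
    re.IGNORECASE)
# Base64-encoded PowerShell command line (ATT&CK T1027).
ENCODED_PS_RE = re.compile(r"\s-(enc|encodedcommand|e)\s+[A-Za-z0-9+/=]{8,}", re.IGNORECASE)


def classify_event(ev):
    """Return a list of (tactic, technique_id, note) hits for one event."""
    hits = []
    if ev["id"] == 13 and RUN_KEY_RE.search(ev["target"]):
        hits.append(("Persistence", "T1547.001", f"Run key set: {ev['target']} -> {ev['details']}"))
    if ev["id"] == 11 and STARTUP_DIR_RE.search(ev["target"]):
        hits.append(("Persistence", "T1547.001", f"file dropped in Startup folder: {ev['target']}"))
    if ev["id"] == 1:
        cmd = ev["cmdline"]
        if DISABLE_AV_RE.search(cmd):
            hits.append(("Defense Evasion", "T1562.001", f"security tooling tamper: {cmd}"))
        if ENCODED_PS_RE.search(cmd):
            hits.append(("Defense Evasion", "T1027", f"encoded PowerShell: {cmd}"))
    return hits


def triage(events):
    """Group hits per user so the analyst sees the chain of activity, not isolated alerts."""
    by_user = {}
    for ev in events:
        for hit in classify_event(ev):
            by_user.setdefault(ev["user"], []).append(hit)
    return by_user


if __name__ == "__main__":
    for user, hits in triage(SAMPLE_EVENTS).items():
        print(f"== {user} ==")
        for tactic, tid, note in hits:
            print(f"  [{tactic} / {tid}] {note}")
```

Grouping by user matters for the exercise metric the page mentions, SOC response time: a single Run-key write may be benign software, but the same account stopping the AV service, planting an autostart entry and launching hidden encoded PowerShell within one session is the pattern that should trigger an immediate investigation.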