Action on Objectives
The final phase of the Unified Kill Chain. These TTPs will depend on the goals and objectives of the exercise.
As a red teamer, you need to find the "objective" of your operation and then prove access to that objective to your client. Two tactics support this:
1. Collection: the tactic used to identify and gather data from the target network.
2. Data Staging: moving the collected data to a central location in preparation for exfiltration.
Network Propagation
Once the initial foothold is obtained, post-exploitation activities begin. This access is used to learn more about the target system and network in order to move around and reach Action on Objectives. That happens by executing the following activities:
Discovery
Privilege Escalation
Persistence
Defense Evasion
Credential Harvesting
Lateral Movement
1. Discovery: a tactic that allows a Red Team to gain knowledge about a system and the internal network.
Initial Access
It represents the techniques adversaries may use to gain an initial foothold within a network, and it is one of the most complex and time-consuming aspects of a red team operation. It may be accomplished via various methods:
Exploitation:
Drive-by Compromise: exploiting a user visiting a website.
Exploit Public-Facing Application.
External Remote Service: exploit, or find a valid account for, services like VPNs, Citrix, etc.
Hardware:
Through Removable Media.
Introduction To Red Team
1. Red Team Operations: a team-based exercise to simulate or emulate a genuine, real-life threat (its TTPs) against an organisation, in order to improve people, processes and technology. The team is given a specific goal: demonstrate access to business-critical information and measure the blue team's detection and response policies, identifying gaps in the organisation's defences, monitoring and incident response capabilities on the way to that goal. Red Team Exercises focus on an end-to-end assessment of the entire organisation.