Sometimes red teams (the bad guys) are hired to test the capabilities of blue teams (the good guys). Some examples of this would be how Quick Reaction Forces (QRF) are pushed into real-life scenarios to see how they’ll react, Infosec/IT teams are tested under pressure and Intel guys get a dose of deception.
One scenario we often play is the “rogue agent” or “underground criminal,” where part of the plan is to disrupt their listening capabilities.
In this situation, we communicate with someone inside the company or organization being tested and provide a way for their intel and QRF guys to test their skills. Of course we don’t make it easy for them.
This is the final article of the Inside Red Team Operations series, which is a walk through the Red Team process of planning, preparing and executing a security vulnerability assessment and penetration test; bad-guys style.
Part 1 examined the elements and techniques necessary for planning the operation while Part 2 showed how information gathered during recon is used to implement the plan. This article uses the previous elements to show how the plan comes together.
Editor-in-Chief’s Note: Due to the recent events in Connecticut and Colorado, like many of you, I’ve been searching for answers on what can be done to prevent these kinds of incidents from occurring. While this article is not meant to detract from what we see time and time again, lack of a means of defense against these threats, I reached out to frequent contributor and former IDF (Israeli Defense Force) soldier Uri Fridman for his thoughts on this.
This article was written by Uri and comes from his perspective as a now US citizen who works as an information security consultant. I’ve been very interested in the Israeli model after their procedures for handling airport security have started to become implemented at Boston Logan International Airport. Please join me in welcoming Uri back with his perspective on these recent events.
Editor-in-Chief’s note: This post was written by security expert U. Fridman and originally ran on his company blog, Red Teams.
A few years back, a customer asked us to test their newly installed (and very expensive) surveillance and security system. The product promised them an automated system that was so secure they wouldn’t have to place a security guard there.
After some recon we discovered that while the entrance was guarded by a very secure keypad + access card combination lock, the inside had an automated “unlock” sensor so if anyone wanted to come out, the door would unlock from the inside.
Using a high resolution night capable camera, we took photos of the door and lock. After careful review of the pictures we found out that the top and bottom of the doors were not sealed tight against the floor as we could see a tiny bit of light from there. A plan was set in motion.
Later when we arrived, we approached the door carefully and removed a piece of gear from our kit that would, hopefully, allow us to bypass the “very secure” lock: an old credit card.
We slid the old credit card under the door and… nothing.
After a few seconds we agreed that the sensor wasn’t picking up the movement, maybe because we were too close to the door and sensors usually “look” a bit farther out.
We retrieved another credit card and we tied it up to a piece of metal string (essentially several springs from a pen’s click mechanism tied together). We pushed the card under the door again, then carefully we pushed it farther with the metal string. And farther, and farther and… voila! The motion sensor detected movement “from the inside” and unlocked the door.
We were in.
Big, expensive, digital lock defeated by an old credit card and a spring.
Today we’ll be looking at the 2nd part of our Inside Red Team Operations series, which takes us through the process of planning, preparing and executing a security vulnerability assessment and penetration test; bad-guys style.
In Part 1, we looked at some of the elements and techniques for planning the operation and the recon. In this part, we’ll see how the information gathered during the 1st phase can be used to plan the operation.
In this three part series we’re going to go through what it takes to perform a security vulnerability assessment that would ultimately end in the penetration of the target.
In part 1 we’ll talk about planning the operation, digital & physical recon and some of the kit we might need. In part 2, we’ll analyze the information gathered during the recon, plan and rehearse the operation and perform a dry run. This will test what we’ve learned and polish our plan. In part 3 we’ll execute the operation and plan for contingencies when things don’t go as planned.
“…precision was needed in the calculation since if the capsule came in too deep g-forces would be too large and if its trajectory was too shallow it would bounce off the atmosphere and be sent back into space. Cooper drew lines on the capsule window to help him check his orientation before firing the re-entry rockets. ‘So I used my wrist watch for time,’ he later recalled, ‘my eyeballs out the window for attitude. Then I fired my retrorockets at the right time and landed right by the carrier.’ Cooper’s cool-headed performance and piloting skills led to a basic rethinking of design philosophy for later space missions.”
While most high end watches can take some serious abuse, there are benefits to using a watch cover. The cover can effectively “black out” a watch and eliminate the visual signature of the hands or display as well as add an extra layer of physical protection. It is also something you can make at home with a minimum amount of preparation and materials. This DIY will show you the quick and dirty basics to making your own tactical watch cover based on the one I was issued during my time in the IDF.
Neal Stephenson’s cypherpunk novel Cryptonomicon contains a cryptosystem called Pontifex. This low-tech cryptographic algorithm uses a deck of playing cards to encrypt and decrypt messages.
Outside of the book, this algorithm is actually called Solitaire. It was designed by cryptographer and security expert Bruce Schneier at the request of Neal Stephenson. Solitaire allows secure communications without having to rely on computers or other tools that might indicate that cover channels are being used, or where access to a computer is not possible. It was designed to be secure even against the most well-funded adversaries with the biggest computers and the smartest cryptanalysts.
Solitaire gets its security from the inherent randomness of a shuffled deck of cards. Using this deck, keyed in a special way, two people can create a set of random letters that will be used to encrypt the messages. The process is somewhat slow, but it’s hard to spot that a deck of cards is being used to encrypt information.
The art of war teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.
– Sun Tzu
Defined loosely, a Red Team is a group of experts engaged in the practice of viewing a problem from an adversary’s perspective. This adversary can be an enemy trying to infiltrate the perimeter, a competitor trying to get the latest marketing documents or a robber trying to break into a house.
The goal of most Red Teams is to enhance decision making, either by finding and pointing to the weak links in a security system or by simply acting as a devil’s advocate.