Red Teams conduct security exercises that emulate real-world threats against an organization to help it better prepare for actual breaches. The objective is to assess and improve the effectiveness of the people, processes, and technologies that make up an org's defenses. Thinking and acting like real attackers lets Red Teams avoid the constraints associated with traditional security efforts across an org. This open playing field is vital to removing assumptions an org may have about its current security posture.
While operating, the Red Team follows a predetermined and agreed upon Rules of Engagement.
- Prior Approval
- Deconflict Process
- Reporting Process
- Emergency Process
- ...

Why Red Team:
- Measures actual defenses. Invalidates assumptions and unveils the truth.
- Exercises an org's defensive muscles to help it improve its detection and response capabilities.
- "Rather than simply seeking to keep security incidents from occurring, it is critical to assume that a security incident can and will occur. The information gained from Red Teaming and live site penetration testing exercises helps to significantly strengthen defenses, improve response strategies, train defenders, and drive greater effectiveness of the entire security program." (Microsoft_Enterprise_Cloud_Red_Teaming.pdf)
- "researching and understanding industry incidents and threat landscape trends in order to stay on top of the latest attack techniques and tools used by adversaries is a critical part of any Red Team’s approach" (Microsoft_Enterprise_Cloud_Red_Teaming.pdf)

Red Team constraints:
- Do not intentionally cause customer Service Level Agreement (SLA) impact or downtime.
- Do not intentionally access or modify customer data.
- Do not intentionally perform destructive actions.
- Do not weaken in-place security protections.
- Safeguard vulnerability and other critical information within the Red Team and only share those with a need-to-know. (Microsoft_Enterprise_Cloud_Red_Teaming.pdf)

"The role of Microsoft Red Teams is to identify gaps in the target’s security controls. Tracking MTTC and MTTP allows Microsoft to determine a baseline from which to continuously improve upon." (Microsoft_Enterprise_Cloud_Red_Teaming.pdf)
- Mean Time to Compromise (MTTC)
- Mean Time to Privilege Escalation or “Pwnage” (MTTP)
- Exploits with Impact / Exploitable Opportunities
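The following is an added example of how a defender might track the three metrics listed above across a series of exercises; it is not code from this page or from Microsoft's paper. The metric definitions are assumptions: MTTC is taken as hours from exercise start to the first confirmed foothold, MTTP as hours from exercise start to confirmed privileged access, each averaged only over exercises where that event occurred, and the exercise records are constructed sample data.

```python
"""Added example: baseline and trend for MTTC, MTTP and exploits with impact.
Metric definitions and all exercise records are assumptions/constructed data."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Exercise:
    name: str
    start: datetime                        # engagement start under the agreed Rules of Engagement
    first_compromise: Optional[datetime]   # first confirmed foothold; None if defenders held
    priv_esc: Optional[datetime]           # confirmed privileged access ("pwnage"); None if never reached
    impactful_exploits: int                # findings that demonstrated real impact

    def __post_init__(self):
        # A privilege escalation recorded without (or before) a foothold is a recording error.
        if self.priv_esc and (self.first_compromise is None or self.priv_esc < self.first_compromise):
            raise ValueError(f"{self.name}: priv_esc recorded before first_compromise")


# Constructed sample records, not results from any real engagement.
EXERCISES: List[Exercise] = [
    Exercise("ex-1", datetime(2023, 1, 9, 9), datetime(2023, 1, 9, 15), datetime(2023, 1, 11, 9), 2),
    Exercise("ex-2", datetime(2023, 4, 3, 9), datetime(2023, 4, 4, 9), datetime(2023, 4, 5, 17), 1),
    Exercise("ex-3", datetime(2023, 7, 10, 9), datetime(2023, 7, 12, 9), None, 0),  # caught before priv-esc
    Exercise("ex-4", datetime(2023, 10, 2, 9), None, None, 0),                        # no foothold in window
]


def _mean_hours(deltas: List[timedelta]) -> Optional[float]:
    """Average a list of durations in hours; None when there is nothing to average."""
    return mean(d.total_seconds() / 3600 for d in deltas) if deltas else None


def mttc_hours(exercises: List[Exercise]) -> Optional[float]:
    """Mean Time to Compromise over the exercises that achieved a foothold."""
    return _mean_hours([e.first_compromise - e.start for e in exercises if e.first_compromise])


def mttp_hours(exercises: List[Exercise]) -> Optional[float]:
    """Mean Time to Privilege Escalation over the exercises that reached privileged access."""
    return _mean_hours([e.priv_esc - e.start for e in exercises if e.priv_esc])


def baseline(exercises: List[Exercise]) -> Dict[str, Optional[float]]:
    """The three metrics named on the page, plus how often defenders held the line."""
    return {
        "mttc_hours": mttc_hours(exercises),
        "mttp_hours": mttp_hours(exercises),
        "exploits_with_impact": sum(e.impactful_exploits for e in exercises),
        "held_count": sum(1 for e in exercises if e.first_compromise is None),
    }


def delta_vs_baseline(baseline_set: List[Exercise], current_set: List[Exercise]) -> Dict[str, Optional[float]]:
    """Change in MTTC/MTTP from a baseline period to the current one, in hours.

    Positive means attackers needed longer, i.e. defenses improved. None means
    the event never occurred in one of the periods; report that explicitly
    rather than silently treating it as zero."""
    out: Dict[str, Optional[float]] = {}
    for key, fn in (("mttc_delta_hours", mttc_hours), ("mttp_delta_hours", mttp_hours)):
        before, after = fn(baseline_set), fn(current_set)
        out[key] = None if before is None or after is None else after - before
    return out


if __name__ == "__main__":
    print(baseline(EXERCISES))
    print(delta_vs_baseline(EXERCISES[:2], EXERCISES[2:]))
```

The averages are deliberately restricted to exercises where the event occurred, and the count of exercises where defenders held is reported alongside them; with few exercises per year, a single "never compromised" engagement would otherwise distort the mean or disappear from it.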