Development and operations a practical guide



1 Joe Vest, James Tubberville Red Team Development and Operations
Threat Profile Usage
Threat profiles typically support the engagement story and are used to describe the technical aspects of a single C2 channel. A single threat profile is used for each C2 channel.

At the end of this chapter, you will have the opportunity to work through a threat profile exercise.
Let’s examine an example of a real attack to illustrate the concept of a threat profile.


A review of a blackhat's tradecraft
This real-world attack will provide context and understanding of how an attack may occur. As you read through the summary, think about how you could use this in planning and scoping a red team engagement.
How HackingTeam Got Hacked
Phineas Fisher, aka Hack Back, claims responsibility for the Hacking Team attack and release of documents. The documents were released to WikiLeaks on July 8, 2015. In April 2016, Phineas Fisher published a report explaining how the Hacking Team attack was accomplished. It was first written in Spanish and later translated into English.
Tweet Sent from HT’s Twitter account after it was controlled by Phineas Fisher
Hacking Team, an Italian company, is known for selling intrusion and surveillance software to governments, law enforcement agencies, and corporations. We will not focus on whether you agree with their practices or not. What is interesting here is the opportunity to review a black hat's tradecraft. Why? A Red Team may need to defend their position on how and why they acted in a certain way. It is common for target organizations to claim that specific techniques are not real or that a threat would not do that. This article is a great reference to use in threat emulation. The TTPs described are not only useful in performing an engagement but can also help confirm that a Red Team's actions are threat faithful. Threat-faithful engagements that closely mimic a realistic threat are very believable and a great way to demonstrate practical adversarial activity.
For more detailed information on this attack, read the following:

1. Hack Back, http://pastebin.com/raw/0SNSvyjJ.
2. Hacking Team, https://wikileaks.org/hackingteam/emails/.
3. Hacking Team, https://en.wikipedia.org/wiki/Hacking_Team.
4. Hack Back, http://pastebin.com/raw/GPSHF04A.
5. Full English translation of Phineas Fisher's account of how he took down HackingTeam, https://www.reddit.com/r/netsec/comments/4f3e6p/full_english_translation_of_phineas_fishers/d25qbci/.
6. https://www.vice.com/en_us/article/3k9zzk/hacking-team-hacker-phineas-fisher-has-gotten-away-with-it
