Development and operations a practical guide
Download 4.62 Mb. View original pdf
|
- Navigate this page:
- Activity Logs
| Data Collection The collection of data drives the value of the engagement itself. Data collection should be complete, enable the replication of activities and results, and identify items of significant interest to the operators. Final data sets should include: ● Pre-event data (OSINT, ROE, POC list, etc.) ● Execution data Operator logs (manual data collection) Automated data collection and logs Screenshots ● Post-event data (data archive, closeout brief if performed, and final report) Activity Logs All activities related to the Red Team operation should be logged as soon as the engagement begins and only terminate after all activity related to the engagement is completed. Examples of events to be logged include: ● Scanning activities ● Exploit events ● Stimulation efforts ● Deconfliction requests ● Target information discovered ● Targets acquired and lost ● System events (outages, downtime, etc.) ● Login attempts ● Credentials captured ● Credentials used ● Files system modifications ● Modifying or disabling security controls ● Modification or suppression of security alerts or logs ● Methods of access ● Methods of persistence employed ● Command and Control channels established ● Requests to increase, decrease, or pause activity ● ROE conflicts, requests, and modifications All data collected during the engagement should be logged, filed according to datatype, and stored in an engagement-specific file share, preferably in real time. As discussed in the Handling Client Data section, this file share should be located on a mountable, encrypted volume within a centralized server or NAS. Focus Point Its important to impose the value of failed actions. Many operators capture only successful actions performed during the engagement. In many instances, the failure of a specific action (and its associated details) provides more value to the target as well as to the Red Team than many successes. Download 4.62 Mb. Share with your friends:
|