Red Team Development and Operations: A Practical Guide


Poor or Lack of Security Monitoring



Joe Vest, James Tubberville, Red Team Development and Operations
A lack of security monitoring allows a threat to use a more extensive toolset. Tools or techniques that may be loud or trigger a response can work just fine in an unmonitored environment. This oversight gives a threat much greater flexibility and capability, and a Red Team can take advantage of an unmonitored network. A common operational impact is data exfiltration. Perhaps a target organization holds proprietary, sensitive intellectual property whose exposure could significantly harm the organization. A Red Team can test the ability of a threat to gain access to and exfiltrate that data; a lack of monitoring may allow the threat to access and steal the data without being noticed.

Blue Teams that have a weak security monitoring process will not identify malicious traffic or changes made by a threat. Defensive tools are great, but they must be configured and tested to ensure they are operating as expected. Remember, the primary role of the Red Team is to facilitate the improvement of an organization's defensive posture.
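As an added illustration of the monitoring the text says an unmonitored network lacks (this is example code, not from the book), the following check aggregates outbound bytes per host and external destination over constructed proxy-log lines and flags totals above an assumed threshold; the log format, host names, domains and threshold are all assumptions.

```python
"""Added example (not from the book): a minimal outbound-volume check run over
constructed proxy-log lines, the kind of test a Blue Team can use to confirm
that exfiltration would actually be noticed."""
from collections import defaultdict

# Constructed sample lines: "<time> <src_host> <dst_domain> <bytes_out>"
SAMPLE_LOG = """\
2024-05-01T09:00:01 ws-101 intranet.example.local 1200
2024-05-01T09:00:05 ws-101 updates.example.local 8400
2024-05-01T09:02:10 ws-207 files.example-share.test 52428800
2024-05-01T09:03:44 ws-207 files.example-share.test 73400320
2024-05-01T09:04:02 ws-310 intranet.example.local 900
2024-05-01T09:05:15 ws-207 intranet.example.local 500
"""

# Assumed policy: more than 100 MiB from one host to one external
# destination within the log window is worth an analyst's attention.
THRESHOLD_BYTES = 100 * 1024 * 1024
INTERNAL_SUFFIX = ".example.local"  # assumed internal domain suffix


def parse_log(text):
    """Yield (host, domain, bytes_out) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, host, domain, size = parts
        try:
            yield host, domain, int(size)
        except ValueError:
            continue  # non-numeric byte count: skip rather than crash


def find_outbound_alerts(text, threshold=THRESHOLD_BYTES):
    """Sum bytes per (host, external domain); return pairs over threshold."""
    totals = defaultdict(int)
    for host, domain, size in parse_log(text):
        if domain.endswith(INTERNAL_SUFFIX):
            continue  # internal traffic is out of scope for this check
        totals[(host, domain)] += size
    return {pair: total for pair, total in totals.items() if total > threshold}


if __name__ == "__main__":
    for (host, domain), total in find_outbound_alerts(SAMPLE_LOG).items():
        print(f"ALERT {host} -> {domain}: {total / 2**20:.1f} MiB outbound")
```

Running it against the sample flags only ws-207, which sent 120 MiB to an external share; a network without this kind of check would let that transfer pass unremarked, which is exactly the gap the text describes.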
Social Engineering (SE)
Social engineering is exploiting weaknesses in human nature. Red Team engagements often rely on social engineering to support goals. It is typically used in the following areas:
Phishing
  - Sending an email to entice an end-user to provide sensitive information or to deliver a payload
  - Can be used to deliver a malicious payload
  - Can be used to facilitate in-person SE
  - Can be used to facilitate physical access

Telephoning/Texting
  - Calling or texting to entice an end-user to provide sensitive information
  - Can be used to facilitate either phishing or in-person SE
  - Can be used to facilitate physical access

In-person pretexting
  - In-person social engineering is typically used to support a physical breach
Use Caution
Social engineering (especially phishing) works, period. But it is not always the best option. There are political risks associated with social engineering a user. For example, phishing campaigns that work well may harass or even embarrass end users. Use caution when creating a phishing campaign. Many targets of phishing require the campaign to be approved before the emails are sent. This may protect the organization but can also limit the success rate of a phish. In cases where phishing is risky, consider white carding. A solid strategy is to send a phishing email to a trusted insider. That person will click links or provide information as directed by the phish. This allows a phishing payload to be delivered in a politically safe manner while still allowing the phishing email to touch all the security defenses. This model uses the assumption that a user will succumb to a phishing attack. The challenge for the Red Team is to bypass the security protections designed to protect users from themselves.

A phish that leads to the compromise of a single system may be acceptable. A phish that leads to the compromise of an organization is not acceptable, as multiple failures must have occurred in organizational controls (technical, policy, procedural, etc.). The authors are aware these are controversial statements and provide the following concepts for thought.
