Development and operations a practical guide
Questions to Defuse Hostile Response to Red Team Activity
Download 4.62 Mb. View original pdf
|
- Navigate this page:
- Key Chapter Takeaways
| Questions to Defuse Hostile Response to Red Team Activity 1. Did the action operate within scope? A well-planned engagement will have a well-defined scope. If all activities operate within scope, all activities are acceptable. In cases where a Red Team is provided with information, state this upfront when describing the scenario. List the assumptions to help ensure that the audience agrees with the assumptions or, at a minimum, understand why specific actions were taken. Did the action operate within the Rules of Engagement? The Rules of Engagement dictate everything about how an action will or will not be performed. The ROE must be followed. Violating rules is a quick way fora Red Team to lose the trust and confidence of the organization. As with operating in scope, if the Rules of Engagement were not violated, the action is acceptable. Has the action been performed in a real-world attack? If an action or technique has been used in the real world, it has validity. Organizations can quickly become skeptical of theoretical attacks. Being able to tie an action to a known technique or threat will help validate its authenticity. Key Chapter Takeaways The culmination phase is a major milestone in a Red Team engagement. All activity is complete, and data or logs are finalized. If data validation is not complete, there is a serious risk to developing a quality report. This is the last opportunity to ensure logs are complete, screenshots exist, and the engagement story can be told. Culmination is the first official time the target organization receives information on the outcome of an engagement. The successor failure of an engagement often lies in the quality of the briefing performed in this phase. If performed correctly, the Red Team lead should have everything needed to begin developing a quality, professional report. Homework ● Develop an engagement system modification tracking document ● Develop a sanitization and cleanup tracking document ● Ensure operator log verification is included in the engagement methodology or workflow ● Develop an agenda template for executive outbriefs ● Develop an agenda template for tech-on-tech outbriefs |