Planning and Executing a Red Team Engagement

Offered By: YouTube

Tags

Conference Talks Courses, Cybersecurity Courses, Security BSides Courses, Threat Modeling Courses, Lateral Movement Courses, Security Testing Courses

Course Description

Overview

Explore the intricacies of planning and executing a red team engagement in this comprehensive conference talk from BSides Columbus 2017. Delve into wargaming concepts, engagement definitions, and security maturity models. Learn about the three target areas of red teaming and discover new ideas for security testing. Examine threat scenarios and their relationship to red team exercises. Gain insights into tools like Cobalt Strike and its features for C2 communication and traffic generation. Follow along with a practical example scenario involving ACME Gas, covering threat modeling, scenario development, lateral movement, and hunt team responses. Analyze Cobalt Strike reports and pivot paths to enhance your understanding of red team operations. Conclude with valuable closing thoughts on effective red team engagements.

Syllabus

Introduction
Talk Outline
Wargames
Wargame Examples - CTF
Engagement Definition
Terminology Review
Red Teaming - Defined
What is a Red Team Exercise?
Security Maturity Models
Red Team - 3 Target Areas
Wargaming Computer Security
New Ideas for Security Testing
What is a Threat Scenario
Threat Scenarios same as RT?
This is just Red Teaming!
Example Scenario
Cobalt Strike - Redirectors
Putter Panda c2 callback
Cobalt Strike FTW!
C2: Internal or External
DNS Registration
Cloud Service Provider
Traffic Generation
ACME Gas - Exercise
Threat Model: Hacktivism
Scenario Development in ROE
ACME Gas - White Card Access
Lateral Movement into Servers
Lateral into Server Subnet
The Hunt Develops
And the Game would continue..
Cobalt Strike Report - MD5
Cobalt Strike - Activity
Cobalt Strike - Session
Cobalt Strike - Pivot Path
Closing Thoughts

