Red Team Approach

Defender Strengths via Red Team Approach

With the Red Team Approach tool, I simulate real cyber-attacks for small and medium-sized enterprises (SMEs), acting strategically, dynamically and as quietly as possible. Based on current Advanced Persistent Threats (APTs) and the MITRE ATT&CK framework, I put your organisation to the test. Drawing on my expertise in defence evasion, I also bypass common security products (AV/EPP/EDR) such as Microsoft Defender for Endpoint (ATP), SentinelOne, CrowdStrike, etc. and show you your current blind spots.

If my clients want to simulate a full-blown Red Team Operation, e.g. according to TIBER-DE, I have a network of partners with whom I can simulate even complex Red Teamings.

The added value of the Red Team Approach for SMEs is that they receive as undistorted a picture as possible of their ACTUAL state in the event of a real cyber attack. My clients get a first impression of how their own (IT) employees react and what reaction capability and visibility (at the endpoint and network) their internal IT defenders currently have.

Penetration testing is an important aspect or tool, but it delivers a different added value than a Red Team Approach or Red Teaming. I think attack simulations using the Red Team Approach are crucial for SMEs to understand real cyber-attacks and gradually increase their own cyber-resilience.

Who Needs a Red Team Approach?

I am of the opinion that a purely technical analysis of IT security also falls short for SMEs. Regular penetration tests are very important for a mature security concept, but they alone are not enough to protect companies sustainably against real cyber attacks and Advanced Persistent Threats (APTs). In addition, the Red Team Approach can be an effective tool for companies, but of course this also strongly depends on the respective company itself, the desired goal/added value, the available budget and also the current IT security level of the company.

The Red Team Approach can help to get an undistorted picture of the current ACTUAL state of the IT security culture in one's own company. As already mentioned, I consider the tool of the Red Team Approach to be very important, but each client is individual and it must be weighed up whether a Red Team Approach also makes sense in relation to the current IT security level of the client.

The Red Team Approach and the classic penetration test have some similarities, but there are significant differences between the two methods.

Overview

Red Team Approach: Using the Red Team Approach tool, I simulate real cyber-attacks for small and medium-sized enterprises (SMEs), acting strategically, dynamically and as quietly as possible. Based on current Advanced Persistent Threats (APTs) and the MITRE ATT&CK framework, I put your organisation to the test.

Penetration Test: In a penetration test, the focus is clearly on finding as many vulnerabilities as possible within a scope defined with the client and exploiting them in a controlled manner. In a penetration test I also follow the MITRE ATT&CK framework closely, but the focus is not on being as inconspicuous and undetected as possible.

Planning / Procedure

Red Team Approach: Basically, there are no rules and no scope. The primary objective is for the Red Team to achieve the defined goal. For a scenario that is as realistic as possible, only the most necessary people (White Team) should be involved.

Penetration Test: On the one hand, there is a clearly defined scope, and on the other hand, the framework is defined by rules of engagement. The IT team is involved in the pentest.

Procedure

Red Team Approach: I simulate a real cyber attack and act strategically and as inconspicuously as possible. Detections by technical components such as EDR and SIEM as well as by human components such as the Blue Team (SOC) should be avoided as far as possible.

Penetration Test: There is no need to act as quietly and unnoticed as possible. The approach is structured and rather static, with dynamic elements.

Rules

Red Team Approach: In principle, there are no rules, but it still makes sense to use "rules of engagement" to define what I can and cannot do as an attacker.

Penetration Test: The framework conditions are defined by means of "Rules of Engagement".

Period

Red Team Approach: A Red Team Approach can take several weeks, and a Red Team Engagement up to several months. The large strategic component takes a lot of time; roughly 50% of it goes into the initial access.

Penetration Test: The period is very flexible; the client can book more or fewer man-days as required. It is recommended to adapt the period to the defined scope.

Methodology

Red Team Approach: Red Teaming or the Red Team Approach lives from many dynamic elements, yet there is also a structured procedure here. For the simulation of real, advanced cyber attacks, every step is well considered and carried out as silently as possible (OPSEC). Your technical IT security and your defenders are put to the test.

Penetration Test: Penetration testing stands and falls with the methodology used. Penetration testing contains many static elements that are regularly supplemented by dynamic elements. It is not about OPSEC, i.e. the IT department is informed and there is no need for the tester to act in silence.

Added value

Red Team Approach: At the end of the day, the attack simulation gives companies an undistorted picture of how they react to a real cyber attack and how well they are prepared. On the one hand, you gain important insights into the technical level of your IT security and, on the other, into the reaction times and visibility of your internal defenders.

Penetration Test: The penetration test provides you with important information about the technical level of your IT security. A pentest offers companies a good introduction to the topic of cyber security. The pentest report can be used as a basis for initiating effective hardening of your IT infrastructure.

How I Approach the Red Team Approach
  • 01 Preparation | Scoping

    Compared to a very complex and elaborate Red Team Engagement, a Red Team Approach allows me to act alone and therefore be very flexible and dynamic. Each Red Team Approach starts with a clear set of objectives that I define with you at the outset. This could be to compromise the Microsoft Active Directory, access your CEO's computer or access sensitive customer data. The planning and execution of the Red Team Approach should involve as few people as possible, or as many as necessary, so that the attack is perceived as a real hacker attack and a realistic, undistorted picture of your IT security and your team's response emerges.

  • 02 Methodology | Implementation

    This is where I get down to business and put your IT infrastructure to the test, including your staff and internal defenders. I start with an extensive reconnaissance and try to gather as much useful information about my target as possible through tactical intelligence gathering. Based on this, I look for possible entry points into your internal network, prepare my initial access payload (command and control Trojan) and try to gain initial access / foothold. If the initial access is successful, in the next step of the post-breach phase I try to achieve the previously defined goals step by step (e.g. compromise of customer data). During the Red Team Approach, I am in regular contact with my client's contact person (White Team) and keep my client informed.

  • 03 Report | Further development

    Based on the findings of the Red Team Approach, I will provide you and your team with a final report and presentation showing where you are well positioned and where there is potential to improve your IT security. My aim is not to point the finger at individual failures. The goal is to raise your IT team's awareness of information security and to develop their skills so that they are better prepared and able to respond to real cyber-attacks in the future.

Why Red Team Approach at RedOps?

I not only examine the technical aspect of your IT infrastructure, but also look at how your company as a whole reacts to a real cyber attack. What impact does it have on your internal processes? How do your defenders behave in the event of a cyber attack? Do your defenders even notice the attack?

In short, as an expert in offensive security, my goal is to help you understand real cyber attacks, prepare for them and improve your overall IT security level continuously and in the long term.

Responsibility, Research, Quality
  • Responsibility and Integrity

    Anyone who uses offensive security services and deliberately exposes themselves to an ethical hacking attack should do so with a partner they can absolutely trust. I keep all information strictly confidential and act with complete integrity in everything I do.

  • Research Orientation

    IT security is not a product, but a constant learning process. That's why I invest a lot of time in further education and research. I have already been able to present my results in the area of endpoint security at several international IT security conferences.

  • Quality Instead of Quantity

    With Offensive Security, I have made my passion my core competence. I don't sell products or licences, but live purely from my expertise in the field of IT security. For me, quality clearly comes before quantity.