Red Team Operations Training Boot Camp

Introduction to red team operations

• Course introduction
• Types of security assessments
• What is red teaming?
• Role of red team in organizational security programs
• Red team vs. blue team
• Red team assessment phases
• Red teaming methodology
• Planning red team operations

Red team assessment phases: setting objectives

• Defining assessment methodology and objectives
• Identifying points of contact
• Analyzing initial information
• Gathering team and equipment

Red team assessment phases: reconnaissance

• Passive intelligence gathering and OSINT
• Physical recon
• Getting started with social engineering
• Social engineering tactics
• Pretexting
• Phishing, vishing, smishing
• Physical and digital surveillance
• Wireless recon
• DNS and SNMP recon
• Identifying possible attack vectors

Red team assessment phases: target identification

• Identifying physical controls and vulnerabilities
• Passive network discovery and scanning
• TCP scanning
• Scanning through firewalls
• Stealthy scanning techniques
• Idle scanning
• Avoiding IDS/IPS detection
• Proper identification of services
• Vulnerability identification
• Types of network and application vulnerabilities

Red team assessment phases: gaining access

• Covert and overt entry
• Evading surveillance and physical IDS
• Lock picking
• RFID cloning
• Using social engineering to gain entry
• Vulnerability mapping
• Types of exploits
• Client-side exploits
• Password attacks
• Exploiting flaws in encryption
• Attacking web application
• Wireless hacking

Red team assessment phases: establishing foothold and maintaining presence

• Avoiding anti-virus detection
• Use of Trojans
• Hardware and software keyloggers
• Installing rogue access points and network TAPs
• Port redirection and other anti-firewall techniques
• IDS operations and avoidance
• Internal recon and pivoting
• Encrypting your communications
• Protocol abuse for covert communications
• Creating custom encryption tunneling application

Red team assessment phases: completing objectives

• Identifying and extracting target data
• SQL data extraction
• Sniffing network traffic
• Exploiting targets of opportunity
• Anti-forensics
• Log modification/deletion
• Rootkits
• Communication and evidence management

Red team assessment phases: reporting

• Report structure and content
• Reporting for compliance
• Providing recommendations
• Presenting your findings

Additional red team operations resources

• Red team operations best practices
• Commercial and open-source tools
• The future of red team operations

CRTOP exam