RT-2007 Red Team Tactics for Pentesters

Presented at Texas Cyber Summit 2019, Oct. 11, 2019, 4:45 p.m. (60 minutes)

What can a penetration tester gain from entering into the mindset of an Advanced Persistent Threat? Isn’t this what a Red Team is for? Imagine being able to connect your penetration testing actions with those of known APTs. Embrace your ability to help your client determine whether their defenses are effective against potential APTs. Traditional penetration testing is a valuable asset to any organization. As penetration testers, it is our job to express how a weakness can affect an organization’s security posture. Going a step further and performing a Red Team engagement gives an organization a solid understanding of how its security posture holds up against a simulated adversary. We know that these two types of engagement are quite different in nature, but when it comes to penetration testing, what if we could put a new spin on our actions and reporting? Now imagine that you’re conducting a penetration test and you utilize a covert method for persistence. After doing some research on ways to better maintain this persistence, you discover that APT29 (an Advanced Persistent Threat group) actually uses this very TTP (Tactic, Technique, and Procedure). Whether or not the organization’s security team is able to respond accordingly, you can now provide a valuable piece of information to your client. Being able to connect the similarities between your penetration testing actions and known APT TTPs can really help improve the security posture of your client. If your client is in an industry targeted by APT29, then not only did you help determine their security posture, but you may have just saved them from being an easy win for the adversary. By detailing your client’s response to the actions taken, you’ll be able to help them determine whether their defenses are adequate to defend against potential APTs. My goal is to help you blend traditional penetration testing methodologies with Red Team tactics in order to become a more effective offensive security professional.

Presenters:

  • Samuel Kimmons - US-AFCERT
    Samuel Kimmons is a Lead Cyber Threat Emulator/Red Teamer and Penetration Tester at the United States Air Force Computer Emergency Response Team (US-AFCERT). His several years of experience include red teaming, endpoint security, vulnerability management, penetration testing, and system administration. He is responsible for conducting red team engagements and full-scope penetration tests, and for researching and utilizing adversary Tactics, Techniques, and Procedures. In addition to his work experience and training, Samuel holds the GCIH, GWAPT, GPEN, and GXPN certifications and is currently pursuing the GCFA and OSCP. He also enjoys giving back to the security community by creating cyber security and hacking how-to videos.
