Red Team Assessment Phases: Completing Objectives

The purpose of this phase of the assessment is fairly self-explanatory. In previous phases, the red team performed the operations necessary to set themselves up for success in achieving the goals of the assessment. This phase is focused on achieving those goals and often happens somewhat in parallel with the previous phase (e.g., it would be ridiculous not to grab a “flag” on a compromised machine because the red team wasn’t prepared to grab all of them). In the end, completing this phase and all previous ones should result in achieving all operational objectives or the ability to describe in detail why one or more were impossible to complete (i.e., because the client was doing a good job).

Scoping the Phase

The scope of this phase is set by the goals of the assessment, as defined during the planning session and recorded in the red team assessment agreement. These goals may range from collecting a certain set of defined “flags” (like sensitive data that should be protected for regulatory compliance) to a more “freeform” exercise in which the red team is instructed to exploit the client’s organization as fully as possible. Depending on the goals of the assessment, the red team may engage in a variety of activities on the target network in order to successfully complete the assessment.

Achieving Phase Goals

The goal of this phase is fairly straightforward, yet it also depends on the specifics of the particular assessment. As part of the planning and negotiation phase of the assessment, the red team will determine and agree on the goals and rules of engagement of the exercise with the client. In this phase, the red team will explore and exploit targets, exfiltrate collected data and perform cleanup activities in order to achieve the agreed-upon operational ...

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Howard Poston.