Red Team Assessment Phases: Gaining Access

This phase is the first of several where the red team actively interacts with the target’s environment. Some of these phases tend to blend together, as the line between gaining initial access and establishing a foothold on the target network can be a fine one. In the gaining access phase, the red team takes steps to bypass the organization’s defenses and finds a way to establish some access to internal systems. In the next phase, the team works on improving this level of access to meet the objectives of the red team operation.

Scoping the Stage

The goal of this phase of the assessment is to gain access to the target environment and an initial foothold on the target network. This can be accomplished in a variety of ways, and, in the previous phase, the red team prepares a few rough plans on how to do so. In this phase, the red team selects a plan of action and executes it. If successful, the phase is completed. Otherwise, they continue the cycle of collecting information about the target system, selecting a plan of attack, and executing the plan until successful or the assessment has been rendered impossible to complete due to the detection of the attack by security personnel.

Achieving Phase Goals

The end goal of this phase is to create a foothold on the target network. To accomplish this, the red team needs to select a plan of attack and execute it, defeating digital and/or physical defenses on their way.

Identifying a Route

If the red team has done their job properly in previous phases, they have one or more plans for breaching the target network. If they have multiple plans or flexible plans, some options may be better and less likely to be detected than others. Ideally, one (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Howard Poston. Read the original post at: