Red Team Assessment Phases: Target Identification

The third phase of a red team assessment is target identification. In this phase, the red team moves from general information collected about the target to detailed information and potential plans for gaining access to the target environment and preparing to achieve operational objectives.

Scoping the Phase

In the reconnaissance phase of the assessment, the red team collects “big picture” information about the target. This involves building an understanding of the organization’s operations and defenses and identifying potential paths to achieving the goals of the operation. These operations are mostly “passive” in nature: they do not interact with the target’s systems or do anything with a high probability of detection.

As part of target identification, the red team takes a deeper, more active look at certain systems on the target network. Based on the information collected during reconnaissance, the team can focus its data collection on systems that may provide access to the target network, using techniques less likely to be detected by the target. The goal of the phase is to collect the information necessary to generate a plan of attack for gaining access to the network.

Achieving Phase Goals

The end goal of the target identification phase is finding one or more ways in which the red team can gain access to the target system and achieve their objectives. The previous phases of planning and reconnaissance are designed to provide a rough plan and high-level data, and, in this phase, the red team works to fill in the holes. The main goals of this phase are collecting detailed data on potential targets and analyzing it to develop potential plans of attack.

Data Collection

In the target identification phase, the red team starts actively performing data collection on the target network. This primarily consists of network scanning,

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Kg3Q7wkgOE8/