Red Teaming Overview, Assessment & Methodology

Introduction

The cybersecurity threat landscape is dynamic and constantly changing. The cyberattacker of today uses a mix of both traditional and advanced hacking techniques and, on top of this, even creates new variants of them.

A perfect example of this is phishing. Traditionally, this involved sending a malicious attachment and/or link. But now the concepts of social engineering are being incorporated into it, as is the case with Business Email Compromise (BEC).

The cyberattacker of today is also much more patient when launching their threat vectors. For instance, rather than using a brute-force, all-or-nothing approach, they prefer a slow, methodical one. They now take their time to select and study their targets, and they try to find the weakest link in the security chain of a corporation or business.

Once they find this, the cyberattacker cautiously makes their way into this gap and slowly starts to deploy their malicious payloads. The goal now is not just to get the proverbial crown jewels all at once, but rather to take them slowly, so that they can stay in an IT infrastructure for long periods of time while going unnoticed.

Thus, organizations are having a much harder time detecting this new modus operandi of the cyberattacker. The only way to prevent this is to discover any unknown holes or weaknesses in their lines of defense. One of the surefire ways of detecting these is through penetration testing. With this, you have individuals or even teams working in harmony with each other to find them and recommend ways to make them secure.

If the penetration testing engagement is an extensive and long one, there will typically be three types of teams involved:

    1. The Red Team: This group acts like the cyberattacker

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Ravi Das (writer/revisions editor). Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/G9vOPwAtcRo/