For the majority of people in the information security world, the act of offensive hacking is something they are tasked with protecting against but have little ability to do themselves. That is like asking a professional boxer to enter the ring without knowing how to throw a punch. Sure, you may be able to get in and last a few rounds, but eventually, a formidable opponent will wear you down and knock you out.
In the information security world, the individuals who would perform offensive hacking against your own organizational assets are known as the red team. On the flip side, those defending against any attacks are known as the blue team. Both sets of team members have their unique set of skills. In an ideal world, both teams work together and learn from each other, aptly called a purple team.
However, many organizations do not have the budget in the security team to operate a red team. The focus is heavily on protecting what is in house, and the resources to do that are often stretched thin. If your team is already understaffed and overworked, there are not many options for introducing the concept of red teaming in your organization. If you are able to, though, there are opportunities to gain the benefits of red teaming without the operational overhead of running a full red team program.
Two of the better free tools I use when performing security assessments are Atomic Red Team and Caldera. Atomic Red Team is from Red Canary and has a repository of hundreds of atomics, which are individual items mapped directly to MITRE ATT&CK. The beauty of these atomics is that they provide simple commands you can run directly on assets to test the security of the endpoint. For example, copy (Read more...)
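To make the ATT&CK mapping concrete from the blue-team side, here is an added example that is not from the original post and is not Atomic Red Team's own code. It takes a few constructed atomics shaped like Atomic Red Team's per-technique test records (an `attack_technique` ID, a `display_name`, and a list of `atomic_tests` each with a name, supported platforms and an executor with a command) and builds a purple-team view of them: which techniques a test run would exercise on a given platform, which tests need elevation, and which exercised techniques have no matching detection rule. The record shape, the benign discovery commands and the detection list are assumptions made for this example; the technique IDs are real ATT&CK identifiers, but the tests attached to them are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Constructed atomics, shaped after Atomic Red Team's per-technique records
# (assumed layout: attack_technique, display_name, atomic_tests[]). The
# commands are harmless discovery commands chosen for the example.
ATOMICS = [
    {
        "attack_technique": "T1082",
        "display_name": "System Information Discovery",
        "atomic_tests": [
            {"name": "System info (Windows)", "supported_platforms": ["windows"],
             "executor": {"name": "command_prompt", "command": "systeminfo",
                          "elevation_required": False}},
            {"name": "System info (Unix)", "supported_platforms": ["linux", "macos"],
             "executor": {"name": "sh", "command": "uname -a",
                          "elevation_required": False}},
        ],
    },
    {
        "attack_technique": "T1033",
        "display_name": "System Owner/User Discovery",
        "atomic_tests": [
            {"name": "Current user (Windows)", "supported_platforms": ["windows"],
             "executor": {"name": "command_prompt", "command": "whoami",
                          "elevation_required": False}},
        ],
    },
    {
        "attack_technique": "T1069.001",
        "display_name": "Permission Groups Discovery: Local Groups",
        "atomic_tests": [
            {"name": "Local groups (Windows)", "supported_platforms": ["windows"],
             "executor": {"name": "command_prompt", "command": "net localgroup",
                          "elevation_required": True}},
        ],
    },
]

# Constructed list of technique IDs the blue team already has detections for.
# A rule written against a parent technique (T1069) is treated as covering
# its sub-techniques (T1069.001).
DETECTIONS: Set[str] = {"T1082", "T1069"}


@dataclass(frozen=True)
class AtomicTest:
    technique: str        # ATT&CK technique or sub-technique ID
    technique_name: str
    name: str
    platforms: tuple
    executor: str
    command: str
    elevation_required: bool


def flatten(atomics: Iterable[dict]) -> List[AtomicTest]:
    """Turn per-technique records into a flat list of individual tests."""
    tests = []
    for record in atomics:
        for test in record["atomic_tests"]:
            ex = test["executor"]
            tests.append(AtomicTest(
                technique=record["attack_technique"],
                technique_name=record["display_name"],
                name=test["name"],
                platforms=tuple(test["supported_platforms"]),
                executor=ex["name"],
                command=ex["command"],
                elevation_required=bool(ex.get("elevation_required", False)),
            ))
    return tests


def plan_for_platform(atomics: Iterable[dict], platform: str) -> List[AtomicTest]:
    """Only the tests that can actually run on the target platform."""
    return [t for t in flatten(atomics) if platform in t.platforms]


def is_detected(technique: str, detections: Set[str]) -> bool:
    """Exact match, or a rule on the parent technique of a sub-technique."""
    return technique in detections or technique.split(".")[0] in detections


def coverage_report(atomics: Iterable[dict], platform: str,
                    detections: Set[str]) -> Dict[str, dict]:
    """Per technique: tests to run, whether elevation is needed, and whether
    the blue team would be expected to see it."""
    report: Dict[str, dict] = {}
    for t in plan_for_platform(atomics, platform):
        entry = report.setdefault(t.technique, {
            "name": t.technique_name, "tests": [], "needs_elevation": False,
            "detected": is_detected(t.technique, detections)})
        entry["tests"].append(t.name)
        entry["needs_elevation"] = entry["needs_elevation"] or t.elevation_required
    return report


def coverage_gaps(atomics: Iterable[dict], platform: str,
                  detections: Set[str]) -> Set[str]:
    """Techniques the run would exercise that no detection rule covers."""
    return {tid for tid, e in coverage_report(atomics, platform, detections).items()
            if not e["detected"]}


if __name__ == "__main__":
    for tid, e in coverage_report(ATOMICS, "windows", DETECTIONS).items():
        flag = "detected" if e["detected"] else "GAP"
        print(f"{tid:10} {e['name']:45} {flag:9} elevation={e['needs_elevation']}")
    print("gaps:", sorted(coverage_gaps(ATOMICS, "windows", DETECTIONS)))
```

Run against the constructed data, the Windows plan contains three tests and reports T1033 as the one technique with no detection, while the Linux plan contains only the `uname -a` test and has no gaps. Swapping in the real repository's records and your own rule inventory turns this into a quick check of what a planned atomic run should light up before anyone executes a command.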
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Travis Smith. Read the original post at: https://www.tripwire.com/state-of-security/security-awareness/events/red-blue-teamers-practical-approach-using-open-source-tools/