The document discusses the roles and techniques of red teams and blue teams, with the red team focusing on simulating real threats through activities like social engineering and identifying vulnerabilities, while the blue team aims to assess risks, minimize damage from attacks, and apply lessons learned to strengthen processes, people, and technology. It provides examples of tactics for each team and emphasizes the importance of collaboration between red and blue teams to continuously improve an organization's security.
25. Red Team | Blue Team
Red Team:
• Simulate real intelligence gathering
• Create key personnel profiles
• Identify social weak points
Blue Team:
• Identify and control public information
• Train key personnel on personal safety
• Work with HR on social issues
26. The RAP Console is unauthenticated and displays information about the access point. Figure 1
shows a screenshot of the RAP Console home page.
Figure 1: Unauthenticated RAP Console
On the Diagnostics tab it is possible to view the conn_log, sapd_debug, dmseg, and rapper
debug logs. The rapper debug log will log the PAP Username:
setup_tunnel
Initialized Timers
IKE_init: completed after (0.0)
(pid:16341) time:1999-12-31 16:37:53
seconds.
Before getting PSK
PSK:****** User:xiaobo1 Pass:******
A more serious information disclosure is the “Generate & save support file” option available on
the home page of the RAP Console. The support.tgz file contained 73 files, including the ikepsk,
pappasswd, and papuser files, as shown in Figure 2.
28. Red Team | Blue Team
Red Team:
• Supply chain compromise
• Piercing the perimeter paradigm
• Access internal resources without controls
Blue Team:
• IT is solid - go beyond the technology
• Expand monitoring towards the “unknown”
• Role based access controls on top of location/asset based.
34. Red Team | Blue Team
Red Team:
• Uncover new/undocumented assets
• Leverage technical issues in devices that control environment
• Combine environment control with social engineering
Blue Team:
• Expand control base into additional aspects of business
• Recruit stakeholders
• Train and educate personnel from other business units, learn the details of their business
38. Red Team | Blue Team
Red Team:
• Access critical assets out of their element
• Avoid triggering alarms on heavily guarded areas
Blue Team:
• Scope secondary/tertiary locations for assets
• Correlate alerts for same asset category
41. Red Team | Blue Team
Red Team:
• Access non-production equipment.
• Implant backdoors for later use
Blue Team:
• Involvement in security should be started in early phases of design and testing
• Test-to-production should be scrutinized and no test setup should be relied on (same for default manufacturer settings)
43. Red Team | Blue Team
Red Team:
• Compromise of virtualized environments and out-of-band management for servers
• Completely bypass host security: full access to BIOS-level configuration, full KVM access remotely.
Blue Team:
• Datacenter security - both physical, as well as internal and vendor support
• Logging and auditing of all access to assets - including correlation of local and remote access with additional footprints (doors, VPNs)
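As an added example (not from the slides): a small correlation of asset-access events against badge and VPN records, in the spirit of the blue-team bullet above. All records, user names, asset names and channel labels are constructed for illustration.

```python
from datetime import datetime

# Constructed sample records for one day (ISO timestamps); not real logs.
BADGE_EVENTS = [  # (time, user, door, direction)
    ("2024-03-01T08:02:00", "alice", "DC-East-Door", "in"),
    ("2024-03-01T12:10:00", "alice", "DC-East-Door", "out"),
]
VPN_EVENTS = [  # (time, user, action)
    ("2024-03-01T09:00:00", "bob", "connect"),
    ("2024-03-01T10:30:00", "bob", "disconnect"),
]
ASSET_ACCESS = [  # (time, user, asset, channel)
    ("2024-03-01T09:15:00", "alice", "esx-01", "local-console"),  # badged in: ok
    ("2024-03-01T09:40:00", "bob",   "esx-01", "bmc-remote"),     # VPN active: ok
    ("2024-03-01T11:05:00", "bob",   "esx-02", "bmc-remote"),     # VPN ended: alert
    ("2024-03-01T13:00:00", "carol", "esx-02", "local-console"),  # never badged: alert
]

def parse_ts(s):
    return datetime.fromisoformat(s)

def badged_in(user, when, badge_events=BADGE_EVENTS):
    """True if the user's most recent badge event at or before `when` is an 'in'."""
    prior = [e for e in badge_events if e[1] == user and parse_ts(e[0]) <= when]
    return bool(prior) and max(prior, key=lambda e: parse_ts(e[0]))[3] == "in"

def vpn_active(user, when, vpn_events=VPN_EVENTS):
    """True if the user's most recent VPN event at or before `when` is a connect."""
    prior = [e for e in vpn_events if e[1] == user and parse_ts(e[0]) <= when]
    return bool(prior) and max(prior, key=lambda e: parse_ts(e[0]))[2] == "connect"

def correlate(access=ASSET_ACCESS, badge_events=BADGE_EVENTS, vpn_events=VPN_EVENTS):
    """Return (time, user, asset, reason) for each access lacking a supporting footprint.

    Local console logins must be preceded by a badge-in at the datacenter door;
    remote out-of-band (BMC/KVM) sessions must coincide with an active VPN session.
    """
    alerts = []
    for ts, user, asset, channel in access:
        when = parse_ts(ts)
        if channel == "local-console" and not badged_in(user, when, badge_events):
            alerts.append((ts, user, asset, "console login without badge-in at datacenter"))
        elif channel == "bmc-remote" and not vpn_active(user, when, vpn_events):
            alerts.append((ts, user, asset, "out-of-band (BMC/KVM) access with no VPN session"))
    return alerts

if __name__ == "__main__":
    for alert in correlate():
        print(alert)
```

The two flagged records are the BMC session after bob's VPN disconnect and carol's console login with no badge record at all.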
48. • ROI
• Buy-In
• Identify Risks and Gaps
• Processes
• People
• Technology
• Reapply to Organization
[Chart Q1-1: Blue vs Red, scale 20-80]
49. • ROI
• Buy-In
• Identify Risks and Gaps
• Processes
• People
• Technology
• Reapply to Organization
[Chart Q3-2: Blue vs Red, scale 20-80]
50. Retest / Verify
You can’t just click “go” again…
Retest/verify means reasserting that the core issue is addressed - creating a new scenario that includes it!