Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Kickstarting your in-house Red Team: Challenges...

Daniel Marques
June 10, 2023
Technology
1
640

Kickstarting your in-house Red Team: Challenges and approaches

BSidesSATX 2023 (Jun/23)

You have to build your organization’s Red Team from scratch. Where do you start? Organizations building internal red teams and penetration testing programs to keep up with the latest threats typically face three challenges: translating results to other security functions and leadership, aligning the red team program with business objectives, and demonstrating value.

This talk aims to help attendees address these challenges and kickstart their internal red team programs by:

- Outlining challenges, positive results, and setbacks identified while building internal red team programs;
- Proposing approaches to improving communication, integrating enterprise functions, and measuring program effectiveness
- Discussing our experiences managing a team of red team operators, helping organizations build a red team program, and what was observed in many companies trying to develop similar initiatives.

The goal is to help attendees kickstart an in-house red team program, providing ideas to communicate with other security functions, keep red team operators engaged, and deliver meaningful outcomes aligned with the overall cybersecurity goals. After the talk, attendees should be capable of taking the first steps toward deploying a team focused on improving the organization’s security posture instead of rinse-and-repeat testing.

BSides SATX 2023: https://cfp.bsidessatx.com/2023/talk/DRMSQQ/

Daniel Marques

June 10, 2023
Tweet

More Decks by Daniel Marques

See All by Daniel Marques
Kickstart Your Enterprise Red Team
0xc0da
0
110
The Red Teamer's Guide To Building A Program
0xc0da
0
370
A Song of Hashes and Dumps: What I've learned from cracking .br passwords
0xc0da
1
500
Python para Análises de Segurança (ERSI-2014)
0xc0da
1
85
Game of Hashes: Quebrando, passando e libertando senhas
0xc0da
0
260
Badass XSS: Esqueça o alert e vá para mundo real
0xc0da
0
110

Other Decks in Technology

See All in Technology
FlutterアプリにおけるSLI/SLOを用いたユーザー体験の可視化と計測基盤構築
ostk0069
0
100
Introduction to Works of ML Engineer in LY Corporation
lycorp_recruit_jp
0
140
TanStack Routerに移行するのかい しないのかい、どっちなんだい! / Are you going to migrate to TanStack Router or not? Which one is it?
kaminashi
0
600
The Role of Developer Relations in AI Product Success.
giftojabu1
0
130
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
130
アプリエンジニアのためのGraphQL入門.pdf
spycwolf
0
100
Making your applications cross-environment - OSCG 2024 NA
salaboy
0
190
New Relicを活用したSREの最初のステップ / NRUG OKINAWA VOL.3
isaoshimizu
3
630
ドメインの本質を掴む / Get the essence of the domain
sinsoku
2
160
DynamoDB でスロットリングが発生したとき/when_throttling_occurs_in_dynamodb_short
emiki
0
250
リンクアンドモチベーション ソフトウェアエンジニア向け紹介資料 / Introduction to Link and Motivation for Software Engineers
lmi
4
300k
SRE×AIOpsを始めよう!GuardDutyによるお手軽脅威検出
amixedcolor
0
170

Featured

See All Featured
Mobile First: as difficult as doing things right
swwweet
222
8.9k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.7k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
1.9k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
229
52k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.2k
Building Adaptive Systems
keathley
38
2.3k
Making Projects Easy
brettharned
115
5.9k
Ruby is Unlike a Banana
tanoku
97
11k
Adopting Sorbet at Scale
ufuk
73
9.1k
The Pragmatic Product Professional
lauravandoore
31
6.3k
Making the Leap to Tech Lead
cromwellryan
133
8.9k

Transcript

  1. Kickstarting your in-house Red Team Challenges and approaches Daniel C.

    Marques (@0xc0da) Victoria Dea

  2. Disclaimer: The views and opinions expressed in this talk are

    our own and do not necessarily represent those of our employer. These slides are for educational purpose only and are not to be relied upon as professional advice.

  3. Victoria Dea Daniel Marques @0xc0da

  4. Does it look familiar? Scope Test Report Fix Can somebody

    hack {…} ? Where do I start?

  5. Penetration Testing vs. Breach & Attack Simulation vs. Red Teaming?

    They all have different goals and serve different purposes. Coverage and exploitability Automation and scalability Improve detection and response

  6. THE RED TEAM GOAL IS TO HELP IMPROVE RESILIENCE Challenging

    Assumptions Demonstrating Impact Emulating Adversaries

  7. DO YOU NEED A. RED TEAM PROGRAM? Which bears the

    question, Structured red team operations Tailored to organization needs Improve support for teams Demonstrate value Maybe.

  8. THERE ARE CHALLENGES, SPECIALLY INTEGRATING WITH OTHER FUNCTIONS Misalignment with

    business objectives Define reasonable metrics Communicating objectives and results

  9. Hiring, retaining, and training red teamers Challenge in the people

    space

  10. Software & Hardware & Lab setup* *or justifying dedicated red

    team tech

  11. You might be asking yourself WHERE DO I START?

  12. Why How What Simon Sinek’s Golden Circle Define the mission,

    vision, and goals focused on your business. “Start with the why”

  13. COMPARE CURRENT AND DESIRED STATE TO DEVELOP A ROADMAP.

  14. redteams.fyi Red Team Maturity Models Jordan Potti Noah Potti Trevin

    Edgeworth redteammaturity.com Brent Harrell Garet Stroup

  15. Think in terms of initiatives the red team can support.

    START SMALL BUT PLAN FOR THE FUTURE

  16. STANDARDIZE EARLY IN THE PROCESS Operational procedures Report templates Findings

    and recommendations

  17. Relationships matter. Remember: It is not about us. It is

    about them. https://danielmiessler.com/study/red-blue-purple-teams/

  18. Are you testing what matters? TALK TO YOUR RISK MANAGEMENT

    TEAM.

  19. we need a taxonomy. To improve communication https://attack.mitre.org/ Contextualize vulnerabilities

    Blue team: Map threat behavior to attack path Structured profile-based operations

  20. When communicating results up ALIGN FIRST WITH OTHER TEAMS Show

    improvements for detection and response Prepare a remediation plan Tell a story that makes sense and demonstrates impact

  21. We need to talk about METRICS

  22. answer questions Metrics should What has the team achieved? What

    positive impact is the red team creating? Are we helping other teams to advance?

  23. .Program metrics. vs .Campaign metrics. Is the program advancing? What

    was the operation’s outcome? Operations Planned x Performed New detections created Time to initial access Time to detection Time to recover Attack Path Initial Detection Based on the works of Jordan Potti, Cedric Owens, and Daniel Marques Attack Path Stage Reached Critical processes covered Mean time metrics

  24. Key. Takeaways Communication is essential Be flexible and support other

    cybersecurity teams Standardize early and review often Adopt reasonable metrics

  25. Thank you!

  26. Images • https://www.pexels.com/photo/hands-typing-on-a-laptop-keyboard-5483077/ • https://www.pexels.com/photo/top-view-photo-of-people-near-wooden-table-3183150/ • https://www.pexels.com/photo/person-rock-climbing-3077882/ • https://www.pexels.com/photo/words-in-dictionary-4440720/ •

    https://www.pexels.com/photo/road-landscape-mountains-nature-63324/ • https://www.pexels.com/photo/marketing-businessman-person-hands-6801647/ • https://www.pexels.com/photo/start-written-on-asphalt-2646531/ • https://www.pexels.com/photo/three-woman-talking-near-white-wooden-table-inside-room-1181619/ • https://www.pexels.com/photo/red-hoodie-3054218/ • https://www.pexels.com/photo/black-and-white-browsing-business-coffee-265152/ • https://www.pexels.com/photo/man-in-black-crew-neck-long-sleeve-shirt-9558577/

  27. References • https://attack.mitre.org/ • https://dispatch.redteams.fyi/guidance-on-measurements/ • https://github.com/cedowens/Rolling_Op_Metrics • https://medium.com/red-teaming-with-a-blue-team-mentality/helpful-red-team-operation-metrics-fabe5e74c4ac •

    https://www.redteams.fyi/ • https://www.redteammaturity.com