One of the biggest components in successfully managing your cybersecurity programs is a strong risk management plan. In order to successfully mitigate risks, they must be prioritized based on their overall effect on the organization. The major keys to reducing the impact of any risk to a project are to recognize, prioritize, and control. [...]
A security red-team is a test that aims to assess the security level of an organization, identify main weaknesses in its security posture, provide insights about the organization’s resilience level, and reveal how prepared it is to withstand a real-life attack.
The way to provide such assessment is by simulating real cyber-attack. The standard process of a security red-team involves the following stages:
Planning – working with a client to define the scope, timeline objectives. Rules of engagements and etc.
Information Gathering – This stage may be also called threat intelligence or reconnaissance. This is the stage where the team collects information about the potential attack surface and build an attack plan
Initial Penetration – Finding the first point of access which may be an external facing server, a user endpoint or any other endpoint in the organization network
Establishing control – Usually involves elevation of privileges and establishing some method of remote control (reverse shell, web shell, RDP access and etc.)
Lateral movement and Trophy Hunt – Once the team has established some type of control of internal resources in the network, it is time to move forward and access the most valuable assets of the organizations (e.g. access the payment system and prove you can make a transaction). These trophies are defined together with the customer at the planning stage.