Red Teaming (with Joe Vest & James Tubberville)
ADVANCED PERSISTENT SECURITY PODCAST
EPISODE 34
GUESTS: Joe Vest & James Tubberville
January 23, 2017
NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers
SHOW NOTES
PART 1
Joe Gray introduces Joe Vest and James Tubberville. Joe Vest tells us about his background and journey into Information Security and Penetration Testing. He explains that he and James were Red Teaming together and then founded Minis. James echoes Joe’s sentiments and path. Mr. Vest tells us about how he had to break things as a system administrator to better understand how to secure them. He also tells us how to break into information security via system or network administration. Joe Gray tells us his advice to people trying to get into security. Mr. Vest talks about being passionate about technology, which leads to a discussion about enthusiasm versus knowledge and experience.
We talk about the relationship between offense and defense; red and blue. We then transition into a discussion about FamilyTreeNow.com for the current event. It is discussed as an OSINT Playground. Mr. Vest talks about “getting personal” when collecting data about targets. James talks about verifying relationships and building a smart password list and profile/dossier on targets. Joe Gray talks about his new FamilyTreeNow phishing proof of concept and the psychology behind making it work. We talk about the burden being on the user and best practices for creating awareness programs.
PART 2
We kick off this segment with Mr. Vest discussing what types of penetration testing are used. Mr. Vest talks about the inverse triangle to the left that describes the focus in security assessment and testing. He talks about the realization of vulnerabilities in scope as the triangle narrows. Red Teaming is focused on specific scenarios and goals, which are called “Operational Impacts.” These are what make organizations tick. Essentially, where can the organization be exploited to the point of causing a catastrophic outcome for the organization? Think of the worst-case scenario for an organization.
This allows organizations to see what capabilities threat actors possess while measuring their security controls, defensive controls and procedures, and exercising their detection and response. Red Teaming is not specifically penetration testing on steroids. Red Teaming is more focused on meeting an objective to enable the organization to assess and measure their security posture and operations. Everything is goal driven. Mr. Vest talks about white carding and the assumed breach model. James talks about the correlation with penetration testing.
We discuss the maturity requirements for penetration testing and compare it to the maturity required for Red Teaming. Mr. Vest talks about providing value to an organization through engagement via red teaming psychology and goals. James clarifies that Blue Team is more than just traditional security defenders and includes Help Desk, System Admins, Networks, and BCP/DRP. Mr. Vest correlates Vulnerability Assessment and Penetration Testing to good security hygiene.
PART 3
James and Joe give us a war story about an engagement that dealt with an external access objective and an operational impact objective. The client CIO asked for a phishing campaign to demonstrate access. James and Joe noted that the client had sensitive files on a network that was not explicitly segregated as had been thought. The impacts that dealt with detection and determining compromise and resiliency were implemented.
While ramping up presence (to attempt to be detected), the team quickly realized that they needed to make more noise to gain the attention of the blue team. They deployed EICAR, images, and audio bites to get noticed. The blue team noticed this and made an announcement for all personnel to stop using network assets, causing a nearly 6-hour interruption. The blue team started pulling cables after they realized that a reboot did not work. The sound bite was selected from the Non-Rick Roll song below:
ABOUT Joe
Joe Vest has worked in the information technology industry for over 17 years with a focus on red teaming, penetration testing and application security. As a former technical lead for a DoD red team, he has extensive knowledge of cyber threats and their tools, tactics and techniques, including threat emulation and threat detection. Joe is the co-founder of MINIS LLC, providing innovative solutions for the mitigation against an ever-changing cyber threat. He is the technical editor for the book Red Team Field Manual (RTFM) and holds numerous security certifications: OSCP, CISSP-ISSMP, CISA, GPEN, GCIH, GWAPT, CEH.
CONTACTING Joe:
Twitter: @JoeVest
ABOUT James
James’ Biography is coming soon.
CONTACTING James:
ABOUT Minis
Find Minis Github
Find Minis on Twitter
Joe and James’ SANS Course
Security 564: Red Team Operations and Threat Emulation
JOE’S Sword & Shield BLOG Post
Hosted Locally on Advanced Persistent Security
JOE’S BLOG ON CISOCast
Joe’s Blog on Jenny Radcliffe’s Deception Chronicle
Jenny Radcliffe’s Deception Chronicles
JOE’S BLOG ON ITSP:
When Friendly Thermostats & Toasters Join The IoT Dark Side
Joe’s Blog on Tripwire:
Burgling From an OSINT Point of View
Joe’s Blogs on Sword & Shield Enterprise Security’s site:
Holiday Shopping Safety Series: Shopping Via Credit Card and e-Commerce
Holiday Shopping Safety Series: Holiday Scams and Hoaxes
Joe’s Work with WATE 6 News in Knoxville, TN:
Shopping online safely this holiday season
iPhone scam uses text messages to hack iCloud information
Maryville hacker takes over Facebook accounts