Professional Red Teaming - Jacob G. Oakley

Professional Red Teaming

Conducting Successful Cybersecurity Engagements

(Author)

Book | Softcover
XIX, 210 pages
2019
Apress (publisher)
978-1-4842-4308-4 (ISBN)
48,14 incl. VAT
  • Explains how carrying out cybersecurity engagements involves more than exploiting computers, executing scripts, or utilizing tools
  • Introduces you to counter advanced persistent threat red teaming (CAPTR teaming) as a reverse red teaming methodology to address challenges faced from advanced persistent threats (APTs)
  • Authored by a seasoned offensive security practitioner and published academic who brings a practical, real-world, and tempered approach to cyber operations

Use this unique book to leverage technology when conducting offensive security engagements. You will understand practical tradecraft, operational guidelines, and offensive security best practices, because carrying out professional cybersecurity engagements is more than exploiting computers, executing scripts, or utilizing tools.

Professional Red Teaming introduces you to foundational offensive security concepts. The importance of assessments and ethical hacking is highlighted, and automated assessment technologies are addressed. The state of modern offensive security is discussed in terms of the unique challenges present in professional red teaming.

Best practices and operational tradecraft are covered so that you feel comfortable shaping and carrying out red team engagements. Anecdotes from actual operations and example scenarios illustrate key concepts and cement a practical understanding of the red team process.

You are also introduced to counter advanced persistent threat red teaming (CAPTR teaming). This is a reverse red teaming methodology aimed specifically at addressing the challenges faced from advanced persistent threats (APTs) by the organizations they target and the offensive security professionals trying to mitigate them.

What You'll Learn
  • Understand the challenges faced by offensive security assessments
  • Incorporate or conduct red teaming to better mitigate cyber threats
  • Initiate a successful engagement
  • Get introduced to counter-APT red teaming (CAPTR)
  • Evaluate offensive security processes


This book is for offensive security assessors and those who want a working knowledge of the process, its challenges, and its benefits. Current professionals will gain tradecraft and operational insight, and non-technical readers will gain a high-level perspective of what it means to provide and be a customer of red team assessments.

Jacob G. Oakley spent over seven years in the US Marines and was one of the founding members of the operational arm of the Marine Corps Forces Cyberspace Command at NSA, Ft. Meade. He left that unit as the senior Marine Corps operator and a division technical lead. After his enlistment, he wrote and taught an advanced computer operations course, eventually returning to mission support at Ft. Meade. He later left government contracting to do threat emulation and red teaming at a private company for commercial clients, serving as principal penetration tester and director of penetration testing and cyber operations. He is currently working as a cyber SME for a government customer. He completed his doctorate in IT at Towson University, researching and developing offensive cybersecurity methods, and is the technical reviewer of the book Cyber Operations, second edition, by Mike O'Leary.

Chapter 1: What is Red Teaming?

Goal: Convey to the reader what Cyber Red Teams are, and why they are used

* The Intent of the Cyber Red Team
* Advantages
* Disadvantages
* Proper and improper use
  o Not for an Audit
  o Not a Blue Team or Vulnerability Scanner

Chapter 2: The Case for Human Hackers

Goal: Convey to the reader the need for ethical hackers as part of the greater security apparatus

* Innovation in Automation
* Human Intuition
* Threat Hunting, not quite proactive enough
* Representing the actual threats which aren't scripts, etc

Chapter 3: The State of Modern Offensive Security

Goal: Convey to the reader the challenges offensive security practitioners face

* The Challenge of APTs
  o More Capable
  o More Time
  o Infinite Scope
  o No ROE
* Innovation Obstacles
* Pigeon-Hole & Stigma
  o Unrealistic expectations
  o Failure isn't an option
* Vague Standards
* Meaningless results
* Adversarial Customers

Chapter 4: Shaping

Goal: An understanding of the discussions and resources that go into the initiation of a successful engagement

* Scoping - Targets
  o Personnel involved in scoping
  o Black list / white list pros & cons
* Scoping - Schedule
  o Overall window
  o Daily window
* Staffing
* Tools
  o Custom tools
  o Custom assessors (SCADA, etc)
  o Open source
  o Industry norms

Chapter 5: Rules of Engagement

Goal: convey to the readers an understanding of the various ROE components and how to create a realistic and successfully implemented ROE

* Goals of the ROE
* Different kinds of tests and their requirements in ROE
  o Wireless
  o Physical
  o Social Engineering
  o External
  o Internal
* Appropriate personnel
  o Contractors vs customer
  o Tester information
      Source IP
      Contacts
      Chain of command
  o Legal vetting
* Do's and Don'ts

Chapter 6: Executing

Goal: convey to the readers aspects of professionally executing a red team engagement.

* Being a Professional Thief
  o Breaking in is fun, but not always needed
  o Understanding the impact of your actions and attitude
  o The importance of communication
      Updates
      Interaction
* Good Tradecraft
* Keeping an eye out for real threats
  o Hackers
  o Inside threats
  o Extremely dangerous situations
  o Illegal situations

Chapter 7, tentative title: Reporting

Goal: convey to the readers aspects of impactful red team reporting

* What to include and how
  o The audience is typically much less technical
  o Don't make people worried for their jobs
* Offering mitigating circumstances
* Severity of findings
  o Danger to the system
  o Danger to the organization
* A No findings Report

Chapter 8: Purple Teaming

Goal: convey to the readers the challenges, disadvantages and benefits of purple teaming

* What is purple teaming
* The witting host
* The smokey jab
* The helpful Hacker
  o Helping fix

Chapter 9: Counter-APT Red Teaming, a Reverse Red Teaming concept

Goal: convey to the readers the high level concept of CAPTR Teaming

* Scoping Changes: Worst-Case Scenario Risk Assessment
* Process Changes: Initialization Perspective & Reverse Pivot Chaining
* Reporting Changes: Cost Benefit Improvement

Chapter 10: Outcome-Oriented Scoping Process

Goal: Convey to the reader how CAPTR Team scoping is accomplished

* Worst-Case Scenario Risk assessment
* Centrality Analysis
* Asset Prioritization and the Risk Apogee

Chapter 11: Initialization Perspectives

Goal: Convey to the reader use of the Critical Perspective

* Traditional Perspectives
* Critical Perspectives
* The Big Picture

Chapter 12: Reverse Pivot-Chaining

Goal: Convey to the reader how to conduct reverse pivot chaining and its benefits

* Local, Passive Intelligence Gathering
* Reverse Risk Relationships
* Pivoting

Chapter 13: The Aggregate Exposure Topography

Goal: Convey to the reader how to conduct CAPTR Team reporting and its benefits

* The web of Reverse Risk Relationships
* Centrality Analysis and Cumulative Risk Cardinality
* Creating a Strategy of Hierarchical Threat Mitigation

Chapter 14: Evaluating Offensive Security Processes

Goal: Convey to the reader the challenges and needs involved in evaluating such a tradecraft driven art-like process in information security

* Evaluating Traditional Security Technology
* Defensibility Requirements
* Appropriate Test-Bed

Chapter 15: The Experiment

Goal: Convey to the reader experiment design for evaluating CAPTR Teaming, the Experiment process and results.

* Design
* Procedure
* Results

Publication date:
Additional info: 46 Illustrations, black and white
Place of publication: Berkley
Language: English
Dimensions: 178 x 254 mm
Weight: 448 g
Binding: paperback
Subject area: Computer Science › Networks › Security / Firewall
Keywords: cybersecurity • IT security • network security • Red Teaming
ISBN-10: 1-4842-4308-0 / 1484243080
ISBN-13: 978-1-4842-4308-4 / 9781484243084
Condition: New