Red Team Service

Founded by information security experts who worked for many years at the TÜBİTAK National Electronics and Cryptology Research Institute (UEKAE), BTYÖN aims to provide you with the best service for your Red Team needs. Be the first to find your vulnerabilities with Red Team operations carried out by experts holding the Offensive Security Certified Professional (OSCP), TSE Senior Penetration Testing Expert and Certified Ethical Hacker (CEH) certifications.

What is Red Team?

The cyber security threat landscape is dynamic and constantly changing. Today, attackers build attacks by mixing traditional and newly developed techniques, and new types of attack appear every day. Every company's security chain has a weakest point, and companies are harmed when that point is used against them. Red Team operations emerged to find such weak points and to strengthen the security chain.

The aim of Red Team operations is to see the big picture and bring this perspective to the infrastructure of the organization. A fictional scenario is prepared and tested against the organization; the resulting physical, network, application and social engineering vulnerabilities are evaluated and reported to the organization. The better the scenario, the better prepared the organization will be for real-life attacks.

Red Team Evaluation

Before a Red Team operation can be carried out with any institution, a Red Team evaluation must first be made. These evaluations vary depending on the institution's line of defense in cyber security. The evaluation lets the people who will carry out the Red Team operation set it up better for the IT and network infrastructure architecture. In particular, the following items should be carefully examined internally:
• Digital assets
• Physical assets
• Technical operations
• Operational processes

Along with evaluating the above items, the Red Team should be able to answer the following three questions:
1. If the organization's assets suffer a major cyber attack, what effects will occur within the organization? What does the organization lose in terms of finances and reputation?
2. After all evaluations and procedures have been carried out, what could the effects be if some trusted infrastructures were attacked?
3. Of the organization's assets and operations, which is the easiest to attack?

Red Team Activity Surface

After the necessary procedures and evaluations for the organization are made, a list of requirements for various vulnerabilities and cyber attacks is created. Like penetration testing, Red Team operations follow a list or schema; however, this list is more comprehensive and more detailed in terms of threat vectors. The following examples illustrate the attack surface of Red Team operations:

1. Email and Phone-based Social Engineering Attacks: These attacks, also known as phishing attacks, are tried as the first way into the institution or organization.
2. Network Services: Servers and network traffic flows are examined to find vulnerabilities or weaknesses. The most vulnerable servers are those that are misconfigured or not updated, and these give a great advantage to the team carrying out the Red Team operation.
3. Physical Layer: At this level, the Red Team operation looks for a physical vulnerability within the organization and tests whether it is possible to enter the organization as an employee and reach important places such as any identity information or data centers.
4. Application Layer: At this level, a vulnerability assessment is carried out on any application identified at the institution, and the threat vectors listed as a result of this assessment are attacked.

Red Team Methodology

Just as penetration tests follow a methodology, so do Red Team operations. For example, the entire IT and network infrastructure is evaluated and separated into sections. Critical points are determined based on certain functions. These points can lie within specific software (a web application, etc.) or be a physical point. The common methodology for Red Team goes like this:

1. The Scope: This point determines the general purpose and scope of the operation to be performed. For example:
a. The targets to be attacked should be listed.
b. Operation rules should be determined.
c. Points that will not be included in the attack surface should be determined.
d. An acceptable time period should be determined.
e. Necessary permissions must be obtained from the institution.

2. Recon: In this phase, the necessary information and data about the organization are collected to feed into the Red Team operation. This phase is the most critical and necessary part of the Red Team operation. The following examples explain it better:
a. The IP address range, ports and related services of the institution are determined.
b. API endpoints associated with mobile or wireless network devices are detected.
c. Information such as employees' e-mails, social media profiles, phone numbers and ID numbers is obtained.
d. The identity information of any employee can be targeted.
e. Any embedded structure related to the network and IT is detected.

3. Planning and Mapping: In this section, the points at which the attacks will be made and the mapping of the attack are worked out. Examples of the factors considered:
a. Subdomains that are not publicly accessible should be determined.
b. Misconfigurations in cloud-based infrastructures should be identified.
c. Weak authentication points should be identified.
d. Vulnerabilities and weaknesses in the network and applications should be noted.
e. How far to go after the vulnerabilities are exploited, and the vulnerabilities that may be encountered, should be determined.
f. Social engineering scripts should be prepared.

4. Performing the Attack: In this phase, the planned entry points are attacked and the preparations are put into practice. Example attacks are listed below:
a. Known vulnerabilities in target applications are exploited.
b. Applications used to develop software are impacted.
c. Efforts are made to gain access to structures in the IT and network infrastructure. These structures can be firewalls, routers, servers and WiFi points.
d. User-side applications are attacked (mostly web applications).

5. Documentation and Reporting: This part can be considered the last phase of the methodology. It describes the components and results of the operation performed on the organization. The report covers:
a. What types of attacks occurred and what their effects were.
b. The security effects of the vulnerabilities found.
c. The security levels of the exploited points.
d. Improvements for the vulnerabilities found in the actions taken.
e. What might happen if the necessary precautions are not taken.

Benefits of Red Team Operations

Verification of Responses to Cyber Attacks: The vulnerabilities and attack surface that emerge as a result of the operations are determined. This confirms how reliable the institution is in terms of defense and how it deals with threats.

Security Risk Classification Is Created: Weaknesses within the institution are identified. After the configurations and security updates of the IT and network infrastructure are checked, the risk class the institution falls into in terms of security is determined.

Security Weaknesses Are Revealed: As a result of the operations carried out, the Red Team reveals weaknesses in security points.

Conclusion
In summary, Red Team operations, like penetration testing, provide significant benefits to the organization in terms of security. The biggest difference from penetration testing is that a cyber attack scenario is created in Red Team operations, whereas in penetration testing this scenario is implemented. In Red Team operations, real-life scenarios are created by thinking outside the box, and the attack vectors are based on these.

For more information

Address
19 Mayıs Mah. İnönü Caddesi. Sümer Sokak. Zitaş Blokları.
C-1 Blok Daire:8 34736 Kadıköy İSTANBUL
Contact
0 (216) 380 00 70
info@btyon.com.tr
© 2011-2024 BTYON. All rights reserved.