- Red Team Engagements -
Learn the steps and procedures of a red team engagement, including planning, frameworks, and documentation.
Task 1 Introduction
Answer the questions below
Read the above and continue to the next task.
No answer needed
Task 2 Defining Scope and Objectives
Answer the questions below
Read the example client objectives and answer the questions below.
No answer needed
What CIDR range is permitted to be attacked?
10.0.4.0/22
Is the use of white cards permitted? (Y/N)
Y
Are you permitted to access "*.bethechange.xyz?" (Y/N)
N
Task 3 Rules of Engagement
Download the sample rules of engagement from the task files.
Once downloaded, read the sample document and answer the questions below.
No answer needed
How many explicit restrictions are specified?
3
What is the first access type mentioned in the document?
Phishing
Is the red team permitted to attack 192.168.1.0/24? (Y/N)
N
Task 4 Campaign Planning
1. Read the above and move on to engagement documentation.
No answer is needed
Task 5: Engagement Documentation
1. Read the above and move on to upcoming engagement-specific tasks.
No answer is needed
Task 6: Concept of Operations
Based on customer security posture and maturity, the TTP of the threat group FIN6 will be employed throughout the engagement.
No answer needed
How long will the engagement last?
1 Month
How long is the red cell expected to maintain persistence?
3 Weeks
What is the primary tool used within the engagement?
Cobalt Strike
Task 7 Resource Plan
Navigate to the "View Site" button and read the provided resource plan. Once complete, answer the questions below.
No answer needed
When will the engagement end? (MM/DD/YYYY)
11/14/2021
What is the budget the red team has for AWS cloud cost?
$1000
Are there any miscellaneous requirements for the engagement? (Y/N)
N
Task 8 Operations Plan
Navigate to the "View Site" button and read the provided operations plan. Once complete, answer the questions below.
No answer needed
What phishing method will be employed during the initial access phase?
Spearphishing
What site will be utilized for communication between the client and the red cell?
vectr.io
If there is a system outage, the red cell will continue with the engagement. (T/F)
F
Task 9 Mission Plan
Navigate to the "View Site" button and read the provided mission plan. Once complete, answer the questions below.
No answer needed
When will the phishing campaign end? (mm/dd/yyyy)
10/23/2021
Are you permitted to attack 10.10.6.78? (Y/N)
N
When a stopping condition is encountered, you should continue working and determine the solution yourself without a team lead. (T/F)
F
Task 10 Conclusion