Red Teaming (with Joe Vest & James Tubberville)


ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 34

GUESTS: Joe Vest & James Tubberville

January 23, 2017


NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers.


SHOW NOTES

PART 1

Joe Gray introduces Joe Vest and James Tubberville. Joe Vest tells us about his background and journey into Information Security and Penetration Testing. He explains that he and James were Red Teaming together and then founded Minis. James echoes Joe’s sentiments and path. Mr. Vest tells us about how he had to break things as a system administrator to better understand how to secure them. He also tells us how to break into information security via system or network administration. Joe Gray gives his advice to people trying to get into security. Mr. Vest talks about being passionate about technology, which leads to a discussion about enthusiasm versus knowledge and experience.

We talk about the relationship between offense and defense; red and blue. We then transition into a discussion about FamilyTreeNow.com for the current event. It is discussed as an OSINT Playground. Mr. Vest talks about “getting personal” when collecting data about targets. James talks about verifying relationships and building a smart password list and profile/dossier on targets. Joe Gray talks about his new FamilyTreeNow phishing proof of concept and the psychology behind making it work. We talk about the burden being on the user and best practices for creating awareness programs.

PART 2

We kick off this segment with Mr. Vest discussing what types of penetration testing are used. Mr. Vest talks about the inverse triangle to the left that describes the focus in security assessment and testing. He talks about the realization of vulnerabilities in scope as the triangle narrows. Red Teaming is focused on specific scenarios and goals, which are called “Operational Impacts.” These are what make organizations tick. Essentially, where can the organization be exploited to the point of causing a catastrophic outcome for the organization? Think of the worst-case scenario for an organization.

This allows organizations to see what capabilities threat actors possess while measuring their security controls, defensive controls and procedures, and exercising their detection and response. Red Teaming is not specifically penetration testing on steroids. Red Teaming is more focused on meeting an objective to enable the organization to assess and measure its security posture and operations. Everything is goal driven. Mr. Vest talks about white carding and the assumed breach model. James talks about the correlation with penetration testing.

We discuss the maturity requirements for penetration testing and compare it to the maturity required for Red Teaming. Mr. Vest talks about providing value to an organization through engagement via red teaming psychology and goals. James clarifies that Blue Team is more than just traditional security defenders and includes Help Desk, System Admins, Networks, and BCP/DRP. Mr. Vest correlates Vulnerability Assessment and Penetration Testing to good security hygiene.

PART 3

James and Joe give us a war story about an engagement that dealt with an external access objective and an operational impact objective. The client CIO asked for a phishing campaign to demonstrate access. James and Joe noted that the client had sensitive files on a network that was not explicitly segregated, as had been thought. The impacts that dealt with detection and determining compromise and resiliency were implemented.

While ramping up presence (to attempt to be detected), the team quickly realized that they needed to make more noise to gain the attention of the blue team. They deployed EICAR, images, and audio bites to get noticed. The blue team noticed this and made an announcement for all personnel to stop using network assets, causing a nearly 6-hour interruption. The blue team started pulling cables after they realized that a reboot did not work. The sound bite was selected from the Non-Rick Roll song below:

ABOUT Joe

Joe Vest has worked in the information technology industry for over 17 years with a focus on red teaming, penetration testing and application security. As a former technical lead for a DoD red team, he has extensive knowledge of cyber threats and their tools, tactics and techniques, including threat emulation and threat detection. Joe is the co-founder of MINIS LLC, providing innovative solutions for the mitigation against an ever-changing cyber threat. He is the technical editor for the book Red Team Field Manual (RTFM) and holds numerous security certifications: OSCP, CISSP-ISSMP, CISA, GPEN, GCIH, GWAPT, CEH.

CONTACTING Joe:

Twitter: @JoeVest
LinkedIn
Email

ABOUT James

James’ Biography is coming soon.

CONTACTING James:

LinkedIn
Email

ABOUT Minis

Minis Website
Find Minis Github
Minis on LinkedIn
Find Minis on Twitter
Minis ThreatExchange Blog

Joe and James’ SANS Course

Security 564: Red Team Operations and Threat Emulation

