Getting started in Red Teaming
In this episode of Infosec’s cybersecurity podcast series Cyber Work, host Chris Sienko talks with Curtis Brazzell, managing security consultant at Pondurance, a managed detection and response cybersecurity firm. They discuss how Curtis got his start in security, the methodologies of Red Team operations and day-to-day Red Team operations and what the future looks like for Red Teaming.
If you’re searching for a solid introductory view of Red Teaming, look no further!
Earn two pentesting certifications at once!
Enroll in one boot camp to earn both your Certified Ethical Hacker (CEH) and CompTIA PenTest+ certifications — backed with an Exam Pass Guarantee.
Tell us about the intrusion detection and response platform you’ve been building in your spare time.
Curtis created an intrusion detection and response platform to serve home consumers. It was essentially a remote security operation center (SOC) that offered detection and response for threats on the network as well as malware removal and updating.
How did you get started in computers and security?
Curtis’ passion began in third grade when his elementary school was gifted Macintosh computers. He subsequently pushed this to the limit, causing his dad to notice and prompting him to buy Curtis his first personal computer — a Compaq Presario with Windows 95.
After beginning with website design and learning Visual Basic, he got into security around 1998 with a website called crashme.com. This website took advantage of a Windows 98 vulnerability that would crash your system if you visited the website. He reverse-engineered this vulnerability, which was what opened the floodgates of his security passion.
Can you explain what a Red Team is and how it relates to things like penetration testing?
Red Teaming refers to advanced targeted, real-world cyberattacks. It’s like penetration testing but goes one step further: you’re not just identifying vulnerabilities but going in blind for an attack. Red Teams use stealthier operations and advanced tactics than pentesting does.
A big part of Red Teaming is the physical aspect of Red Team operations, such as going on site, physically dropping a malicious USB and more. Another big part of Red Teaming is phishing: 91% of breaches result from phishing.
What made you want to take your career further into Red Teaming?
Going further into Red Teaming was a natural progression for Curtis, but earning honorable mention here is definitely the thrill of breaking in. Part of the excitement comes from problem-solving and thinking fast in the moment.
Curtis likes all aspects of security and saw Red Teaming as an opportunity to take security further and to see how far he could push the envelope. However, it should be noted that Red Teaming is not as “Hollywood” as you may think.
What makes a good Red Team member?
A variety of skills is what is needed to be a good Red Team member. Most members of Curtis’ team have varying backgrounds with IT — ex-administrators, developers, security and so on. Sometimes the natural progression within a Red Team is based on your background and the specific skills you have. For the most part, you will want to have a broad set of skills if you want to Red Team.
What experience, qualifications and accomplishments should you aim for to become a desirable Red Team candidate?
The most important thing is having a passion for Red Teaming. When Curtis hires for his team, he can tell if someone is passionate about security and has a desire to tinker around at home. Being proactive with learning new skills is necessary and makes a candidate more desirable.
How do Red Teams actually work?
Red Teaming works when their operation is as close to a real-world attack as possible. This means simulating real-world attack conditions such as not occurring during business hours, using advanced tactics, being zero-day and other aspects in order to create an authentic cyberattack experience.
What are some of the common methodologies that Red Teams employ?
Curtis says this could go however you want it to go — meaning it really all comes down to the Red Team tester. Some like gaining physical entry in certain ways, such as simply tailgating somebody into the site or picking a lock. Some like leaving rubber duckies on site for a physical USB attack to compromise the domain, and others opt to search for a VPN on the outside and use phishing to steal credentials.
Another aspect is the fact that every project is indeed different, which takes a lot of thinking creatively and trying different tactics.
What type of companies employ Red Teams (and can they benefit smaller organizations)?
All organizations should be Red Team-ready, but it may be overkill for smaller ones. For those first starting out with Red Teaming, begin with vulnerability scanning and move forward from there to eventually employing a Red Team.
How often should a company test their security with a Red Team?
This depends on the organization but generally speaking, once or twice annually.
What is “too far” when it comes to Red Team testing?
This is a very important question. It is important for Red Teams to have this conversation up front with the client regarding the rules of engagement for the Red Team operation. Red Teams will not do anything illegal, but some organizations may be OK with things such as picking locks and others may not, so it is important to establish these boundaries ahead of time.
How long does it take to complete a full Red Team assessment?
This depends on the assessment but generally, two to three weeks of testing. Turnaround time can vary, as the time it takes for documentation can take as long as the testing itself.
How do you report your findings to the company so they can close their security gaps?
Reporting is saved for after testing is complete unless there is a serious, glaring gap that needs immediate attention. An example of this is if anyone can remote onto the network from the public internet. If a gap like this is found, the organization’s IT can expect the proverbial phone call in the middle of the night about the issue from their Red Team.
What are your thoughts on Purple Teams?
Purple Teams are great! Red Teams get to try to bypass the security of Blue Teams, allowing them to try different methods. Blue Teams get to use the experience to improve their own security. It’s definitely a win-win for both teams.
What’s the future of Red Teaming?
Red Teaming is a game of cat-and-mouse, constantly trying to stay on top of new techniques and methods. This will probably never change, which means Red Teams will become more important, and ultimately common, over time.
What should you learn next?
Conclusion
In this episode of Infosec’s Cyber Work Podcast, Chris Sienko chatted with Curtis Brazzell, lifelong IT aficionado and managing security consultant at cybersecurity firm Pondurance. They delved into a high-level detail of Red Teaming that is sure to answer the questions that many first learning about Red Teaming have.
Stay tuned for more insightful episodes of Cyber Work. If interested, you can watch Curtis’ interview on the Cyber Work YouTube page.
In this Series
- Getting started in Red Teaming
- The rise of ethical hacking: Protecting businesses in 2024
- How to crack a password: Demo and video walkthrough
- Inside Equifax's massive breach: Demo of the exploit
- Wi-Fi password hack: WPA and WPA2 examples and video walkthrough
- How to hack mobile communications via Unisoc baseband vulnerability
- How to build a hook syscall detector
- Top tools for password-spraying attacks in active directory networks
- NPK: Free tool to crack password hashes with AWS
- Tutorial: How to exfiltrate or execute files in compromised machines with DNS
- Top 19 tools for hardware hacking with Kali Linux
- 20 popular wireless hacking tools [updated 2021]
- 13 popular wireless hacking tools [updated 2021]
- Man-in-the-middle attack: Real-life example and video walkthrough [Updated 2021]
- Decrypting SSL/TLS traffic with Wireshark [updated 2021]
- Dumping a complete database using SQL injection [updated 2021]
- Hacking clients with WPAD (web proxy auto-discovery) protocol [updated 2021]
- Hacking communities in the deep web [updated 2021]
- How to hack Android devices using the StageFright vulnerability [updated 2021]
- Hashcat tutorial for beginners [updated 2021]
- How to hack a phone charger
- What is a side-channel attack?
- Copy-paste compromises
- Hacking Microsoft teams vulnerabilities: A step-by-step guide
- PDF file format: Basic structure [updated 2020]
- 10 most popular password cracking tools [updated 2020]
- Popular tools for brute-force attacks [updated for 2020]
- Top 7 cybersecurity books for ethical hackers in 2020
- How quickly can hackers find exposed data online? Faster than you think …
- Hacking the Tor network: Follow up [updated 2020]
- Podcast/webinar recap: What's new in ethical hacking?
- Ethical hacking: TCP/IP for hackers
- Ethical hacking: SNMP recon
- How hackers check to see if your website is hackable
- Ethical hacking: Stealthy network recon techniques
- Ethical hacking: IoT hacking tools
- Ethical hacking: BYOD vulnerabilities
- Ethical hacking: Wireless hacking with Kismet
- Ethical hacking: How to hack a web server
- Ethical hacking: Top 6 techniques for attacking two-factor authentication
- Ethical hacking: Port interrogation tools and techniques
- Ethical hacking: Top 10 browser extensions for hacking
- Ethical hacking: Social engineering basics
- Ethical hacking: Breaking windows passwords
- Ethical hacking: Basic malware analysis tools
- Ethical hacking: How to crack long passwords
- Ethical hacking: Passive information gathering with Maltego
- Ethical hacking: Log tampering 101
- Ethical hacking: What is vulnerability identification?
- Ethical hacking: Breaking cryptography (for hackers)
- Ethical hacking: Attacking routers
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
