SOS consultants deliver a sell-out tutorial at AusCERT’15 on Red Teaming

Red Teaming is an effective way to really test your security.

Put simply, Red Teaming involves SOS operatives putting themselves in the place of a motivated attacker. It differs from a standard penetration test in that, instead of testing a specific set of security controls, a Red Team is focused on the goal (access) rather than the method.

A Red Team assessment employs creativity and utilises tools and techniques that may not have been anticipated or planned for. A Red Team’s purpose is to think like a real attacker, who will not be aiming to test your defences, but aiming to breach them by any means possible – often by thinking outside of the box.

In a Red Team engagement, rather than determining which systems to test, it might be more effective to outline what is not in scope. With broader boundaries a Red Team may find vulnerabilities that stem from cultural bias in system design, flawed conclusions, or the limitations and expectations of an insider perspective.

A Red Team exercise with a broad scope might combine off-site reconnaissance or remote network access with a physical penetration test or site audit, or utilise social engineering techniques such as tailgating. Rather than replicating only the most likely attack methods, Red Team operatives will also try unlikely ones, employing creative approaches that a motivated attacker would use without hesitation.

SOS CTO Jason Edelstein and Managing Consultant Nathaniel Carew presented “Practical Red Teaming – defending against advanced digital and physical threats” at AusCERT 2015.