
Best tools for red and blue teams are methodology, experience

Kacy Zurkus | Oct. 13, 2016
In many ways, parenting and security have a lot in common: no book exists that provides all of the answers.

While the risks in a particular environment will determine which specific tools help practitioners reach their security goals, practitioners also need a set of traditional technologies regardless of their threat landscape.

"Metasploit is a tool used to run attacks, and NMAP is a common and well understood tool that allows them to do reconnaissance and put together an attack chain by hand," Rodgers said.

Many tools have been around for a long time on the red team side. "Those used for internal and external exposures include everything from wireless tools like Aircrack, a cracking tool for wireless networks. There are lots of ways to get into the internal and external resource exposures," said Rodgers.

Core Impact, which Rodgers described as "Metasploit on steroids," is a commercial solution used for penetration testing. "There is also SafeBreach, a mechanism to automate red team tool sets. It's essentially an automated way of doing all those things they can do with Metasploit, but it automates and provides a report," Rodgers said.

What's most important for blue teams, said Rodgers, "especially around phishing and vishing, is the ability to understand what types of controls exist in their environment. I've seen people finding controls in their network as they go through an exercise."

Because a blue team's effectiveness rests on its ability to collect data and make use of it, log management tools such as Splunk are important.

Rodgers said, "Another piece of the puzzle is understanding how to collect all of the data of what the team has done and record it in a high enough fidelity in postmortem exercises to determine what they did right or wrong and how to do it better."

Blue teams are challenged by staying vigilant in their defense, but David Kennedy, CEO, and Ben Mauch of TrustedSec said, "For red teams, it's usually more about methodology, rather than being tool-dependent. Knowing how to identify what you are going after is methodical based."

Still, there are different tools that turn the methodologies of both red and blue teams into action. Guided by penetration testing execution standards, Kennedy said he has a methodical way of going after a company.

"You go step by step, through the methods of how to go after a target. Start off with intelligence gathering. Understand who your target is, why you want to go after them, do vulnerability analysis," Kennedy said.

Common tools across the board for hackers who are getting to know their targets are social media and online sites. "LinkedIn is one of the most valuable tools for hackers. You know what type of technology people use because they list it right on their profiles. Here's the firewall we use, and here is my experience with it," Kennedy said.
