Penetration Testing mailing list archives
Re: Best attack strategy for a Red Team?
From: krymson () gmail com
Date: 10 Mar 2009 16:55:22 -0000
This likely won't help, but if you can get access to a target server, don't throw that away right away; dig deeper like you mentioned. I think too often red teams will get all excited about a shell and soon everyone on the team is trying to use that account to do cute, but noisy stuff that gets them found out and shunned quickly.

Identify a way in, use a different IP if possible for the exploit, and a different IP to leverage your new power. Dig deep as you can and with redundant means before springing actual downtime. The first access should be one you keep safe and secret for as long as you can. If you can keep them from shunning you early and tracing back what you did to get access, and instead keep them chasing other fires you cause from that first access, you should be good!

<- snip ->

Howdy folks!

I'm part of a Red Team for the Mid-Atlantic region CCDC competition (Collegiate Cyber Defense Competition). There are some pretty talented folks on the team and I'm arguably the least experienced (for now).

The short version explanation is that teams of college students are tasked with operating and defending a "corporate" network of systems ranging from web, email, DB, MS Domain servers, VoIP, and normal workstations. They have to patch a wide variety of holes while keeping designated services available for scoring. The team with the most uptime wins. Meanwhile, the red team is busy attacking these services along with anything else we can get into and create havoc for the student teams.

My question to all of you is what you would recommend for an attack strategy here. In previous competitions it's been challenging to know where to start as there are many options. Should I find a hole and dig in with backdoors, create new user accounts, take over the admin accounts and lock out the student teams??? Technically the red team is supposed to bring down or deny access to the services the students are scored on (primary objective). There's always more going on than that, however.

I'd like to stay focused when we go into the 3 day event this month so I need a plan. How would you do it if you didn't know more than possibly what types of systems you'll find on the target networks?

Thanks.

Scott