Penetration Testing mailing list archives
Re: Best attack strategy for a Red Team?
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Thu, 12 Mar 2009 19:50:59 -0400
Really,Ok then, all you evil blackhat hackers, why don't you share all of your information with us defenders so that we can protect against your ohday!
See the point now? ;) On Mar 12, 2009, at 6:44 PM, Mike Acker wrote:
Adriel, No offence but I don't see the point... Defenders should have access to the same information that attackers do. I say a public forum is is the perfect place. It just separates the people who do their own research and go the extra step if they are that interested in the field, as they should be. I also know, many of the students started reading books a year ahead they were so exciting about participating. I'm sure many will disagree, but information should be free. Why should defenders lack attackers tools and information? makes no sense. What next, get off my lawn... On Tue, 10 Mar 2009 14:11:07 -0400 Scott <opiesan () gmail com> wrote:That's a good point. I've tried posting this to some private forums but there was no response. It's an acceptable risk the student teams could be members of this list and this seemed like the best resource for feedback on the topic. Frankly, I'm probably the least of their worries given the skill set of the other attack team members. Social Engineering has been harder to pull off since the teams all know what we look like but it's worked a few times before. Thank you for the feedback. Scott On Tue, Mar 10, 2009 at 12:44 PM, Adriel T. Desautels <ad_lists () netragard com> wrote:Well, For starters I wouldn't ask about it in publicforum. How do you knowif the defenders are reading this email list or not? Ifyou take publicadvice who's to say that they won't build the defensefirst?That said, use Social Engineering to start... itworks if you do itright. On Mar 9, 2009, at 1:55 PM, Scott wrote:Howdy folks! I'm part of a Red Team for the Mid-Atlantic regionCCDC competition(Collegiate Cyber Defense Competition). There are somepretty talentedfolks on the team and I'm arguably the leastexperienced (for now).The short version explanation is that teams of collegestudents aretasked with operating and defending a "corporate"network of systemsranging from web, email, DB, MS Domain servers, VoIP,and normalworkstations. They have to patch a wide variety ofholes while keepingdesignated services available for scoring. The teamwith the mostuptime wins. Meanwhile, the red team is busy attackingthese servicesalong with anything else we can get into and createhavoc for thestudent teams. My question to all of you is what you would recommendfor an attackstrategy here. In previous competitions it's beenchallenging to knowwhere to start as there are many options. Should Ifind a hole and digin with backdoors, create new user accounts, take overthe adminaccounts and lock out the student teams??? Technicallythe red team issupposed to bring down or deny access to the servicesthe students arescored on (primary objective). There's always moregoing than thathowever. I'd like to stay focused when we go into the3 day event thismonth so I need a plan. How would you do it if you didn't know more thanpossibly what typesof systems you'll find on the target networks? Thanks. ScottAdriel T. Desautels ad_lists () netragard com -------------------------------------- Subscribe to our blog http://snosoft.blogspot.com
Adriel T. Desautels ad_lists () netragard com -------------------------------------- Subscribe to our blog http://snosoft.blogspot.com
Current thread:
- Best attack strategy for a Red Team? Scott (Mar 10)
- Message not available
- Re: Best attack strategy for a Red Team? Scott (Mar 12)
- Re: Best attack strategy for a Red Team? Mike Acker (Mar 15)
- Re: Best attack strategy for a Red Team? Scott (Mar 12)
- Message not available
- Message not available
- Re: Best attack strategy for a Red Team? Scott (Mar 12)
- Message not available
- Re: Best attack strategy for a Red Team? Scott (Mar 12)
- Re: Best attack strategy for a Red Team? sr. (Mar 15)
- Re: Best attack strategy for a Red Team? Scott (Mar 12)
- Re: Best attack strategy for a Red Team? Scott (Mar 12)
- Re: Best attack strategy for a Red Team? Adriel T. Desautels (Mar 12)
- Message not available
- Re: Best attack strategy for a Red Team? Adriel T. Desautels (Mar 15)
- <Possible follow-ups>
- Re: Best attack strategy for a Red Team? vijay . upadhyaya (Mar 12)
- Re: Best attack strategy for a Red Team? krymson (Mar 12)