Adversary Simulation Comprehensive

Traditional security testing does not always accurately reflect the true tactics, trade-craft, or sheer grit and determination of an adversary. Red Teaming is the process of viewing a problem from an adversary's or competitor's perspective; it simulates realistic attack scenarios, using the same trade-craft and tools used by the adversary, to mimic the threat to key business assets.

This hands-on training will demonstrate how a genuine Red Team approach successfully combines physical, digital, social and supply chain attack vectors in order to accurately replicate the activities of the adversary, to beat them at their own game. Using practical scenarios, participants will learn:

Day One

Module 1: Mindset Analysis

Introduces the concept of Red Teaming as the process of viewing a problem from an adversary’s perspective. This module will explain the origins of Red Teaming, who uses it, what context it is used in (e.g. military, businesses), and why it is of value to a security assessment. Specifically, this module will also outline how Red Teaming uses the same trade-craft and tools used by an adversary to mimic the threat to key business assets; successfully combining physical, digital and social attack vectors in order to accurately replicate the activities of a sophisticated adversary.

  • What Red Teaming is and what it is not

  • The Red Team Mindset

Module 2: Adversary Analysis

Introduces the various adversaries that a Red Team may attempt to emulate, what is important to them, what their motivations are, what their limitations are and how this makes them think and act. This module will demonstrate that the ability to understand and tap into the mindset of an adversary is what allows Red Team members to adapt effectively while operating in various contexts and situations.

  • Adversary Profiles

  • Adversary Tactics

Module 3: Target Analysis

Explores how to apply an adversary perspective (as covered in Module 2) to approaching a Red Teaming assignment. This includes developing a risk profile for each subject of the Red Teaming exercise (the ‘target’) based on who they are and who is most likely to target them. This module will outline how to combine adversary and target analysis to identify likely adversaries.

  • Target Desirability

  • Business Assets and Types of Protected Information

Day Two

Module 4: Social Reconnaissance

Introduces the concept of social reconnaissance as undertaken by an adversary. This includes the various organizational/human/relationship elements of a target, from employees to social media to the supply chain.

  • Social (e.g. Social Media, HUMINT, Supply Chain)

Module 5: Digital Reconnaissance

Introduces the concept of digital reconnaissance as undertaken by an adversary. This includes both active and passive reconnaissance, with a particular focus on infrastructure and applications used.

  • Digital (e.g. Footprinting, OSINT, Mobile, Wireless, Infrastructure)

Day Three

Module 6: Physical Reconnaissance

Introduces the concept of physical reconnaissance as undertaken by an adversary. This includes the various physical security elements of a target, such as physical access to technological infrastructure, business assets, and tangible protected information.

  • Physical (e.g. Office Locations Access Points)

Module 7: Planning Attack Strategies

Discusses social, digital and physical attack strategies, specifically how adversaries combine them to engage in layered attacks. The module explores executive targeting, supply chain and traveling employees as attack strategies, along with analysis of Red Team planning.

  • Mapping Reconnaissance

  • Building Attack Scenarios

    • Digital

    • Social

    • Physical

    • Supply chain

    • Simulating Adversary Tactics

    • Planning Attacks

  • Small Team Tactics

  • Red Teaming the Plans

  • Communication protocol

  • Custom Tools

Day Four

Module 8: Real Simulation Exercise Part A

Participants are given the opportunity to take part in a simulated Red Team exercise over two days. Participants will be given details about the target and will then use the knowledge gained in the training to build adversary profiles, undertake reconnaissance, plan attacks, execute the attack vectors and engage in a post-exercise debrief.

  • Digital attack vectors

  • Social Engineering attack vectors

  • Supply chain attack vectors

  • Lock picking

  • RFID cloning

  • CCTV/Alarm system

  • Night entry

Day Five

Module 9: Real Simulation Exercise Part B

Participants will continue with the exercise.

  • Digital attack vectors

    • Executives

    • Supply chain

Module 10: Team Debrief

  • Post-exercise debrief
