ADVERSARY SIMULATION
COMPREHENSIVE
Traditional security testing does not always accurately reflect the true tactics, trade-craft or simple pure grit and determination of an adversary. Red Teaming is the process of viewing a problem from an adversary or competitor's perspective; and simulates realistic attack scenarios, using the same trade-craft and tools used by the adversary, to mimic the threat to key business assets.This hands-on training will demonstrate how a genuine Red Team approach successfully combines physical, digital, social and supply chain attack vectors in order to accurately replicate the activities of the adversary, to beat them at their own game. Using practical scenarios, participants will learn:
Day One
Module 1: Mindset Analysis
Introduces the concept of Red Teaming as the process of viewing a problem from an adversary’s perspective. This module will explain the origins of Red Teaming, who uses it, what context it is used in (e.g. military, businesses), and why it is of value to a security assessment. Specifically, this module will also outline how Red Teaming uses the same trade-craft and tools used by an adversary to mimic the threat to key business assets; successfully combining physical, digital and social attack vectors in order to accurately replicate the activities of a sophisticated adversary.
What Red Teaming is and what it is not
The Red Team Mindset
Module 2: Adversary Analysis
Introduces the various adversaries that a Red Team may attempt to emulate, what is important to them, what their motivations are, what their limitations are and how this makes them think and act. This module will demonstrate the ability to understand and tap into the mindset of an adversary is what allows Red Team members adapt effectively while operating in various contexts and situations.
Adversary Profiles
Adversary Tactics
Module 3: Target Analysis
Explores how to apply an adversary perspective (as covered in Module 2) to approaching a Red Teaming assignment. This includes developing a risk profile for each subject of the Red Teaming exercise (the ‘target’) based on who they are and who is most likely to target them. This module will outline how to combine adversary and target analysis to identify likely adversaries.
Target Desirability
Business Assets and Types of Protected Information
Day Two
Module 4: Social Reconnaissance
Introduces the concept of social reconnaissance as undertaken by an adversary. This includes the various organizational/human/relationship elements of a target, from employees to social media to the supply chain.
Social (e.g.Social Media, HUMINT, Supply Chain)
Module 5: Digital Reconnaissance
Introduces the concept of digital reconnaissance as undertaken by an adversary. This includes both active and passive reconnaissance, with a particular focus on infrastructure and applications used.
Digital (e.g.Footprinting, OSINT, Mobile, Wireless, Infrastructure)
Day Three
Module 6: Physical Reconnaissance
Introduces the concept of physical reconnaissance as undertaken by an adversary. This includes the various physical security elements of a target, such as physical access to technological infrastructure, business assets, and tangible protected information.
Physical (e.g. Office Locations Access Points)
Module 7: Planning Attack Strategies
Discusses social, digital and physical attack strategies, specifically how adversaries combine social, digital and physical strategies to engage in layered attacks. The module explores executive targeting, supply chain and traveling employees as attack strategies and analysis of Red Team planning.
Mapping Reconnaissance
Building Attack Scenarios
Digital
Social
Physical
Supply chain
Simulating Adversary Tactics
Planning Attacks
Small Team Tactics
Red Teaming the Plans
Communication protocol
Custom Tools
DAY Four
Module 8: Real Simulation Exercise Part A:
Participants are given the opportunity to take part in a simulated Red Team exercise over two days. Participants will be given details about the target and will then use the knowledge gained in the training to build adversary profiles, undertake reconnaissance, plan attacks, execute the attacks vectors and engage in a post-exercise debrief.
Digital attack vectors
Social Engineering attack vectors
Supply chain attack vectors
Lock picking
RFID cloning
CCTV/Alarm system
Night entry
DAY Five
Module 9: Real Simulation Exercise Part B:
Participants will continue with the exercise.
Digital attack vectors
Executives
Supply chain
Module 10: Team Debrief:
Post-exercise debrief
_Loop_ISO27001_1.png)
_LoopSecure__OSSSG1121V2.png)
LOOP GUIDE - CONTINUAL ASSURANCE
Download our free guide to Continual Assurance to help you answer your most important questions about the service.
Loop_ISO27001_Guide.png)