Traditional security testing does not always accurately reflect the true tactics, trade-craft or simple pure grit and determination of an adversary. Red Teaming is the process of viewing a problem from an adversary or competitor's perspective; and simulates realistic attack scenarios, using the same trade-craft and tools used by the adversary, to mimic the threat to key business assets.
This hands-on training will demonstrate how a genuine Red Team approach successfully combines physical, digital, social and supply chain attack vectors in order to accurately replicate the activities of the adversary, to beat them at their own game. Using practical scenarios, participants will learn:
Module 1: Mindset Analysis
Introduces the concept of Red Teaming as the process of viewing a problem from an adversary’s perspective. This module will explain the origins of Red Teaming, who uses it, what context it is used in (e.g. military, businesses), and why it is of value to a security assessment. Specifically, this module will also outline how Red Teaming uses the same trade-craft and tools used by an adversary to mimic the threat to key business assets; successfully combining physical, digital and social attack vectors in order to accurately replicate the activities of a sophisticated adversary.
What Red Teaming is and what it is not
The Red Team Mindset
Module 2: Adversary Analysis
Introduces the various adversaries that a Red Team may attempt to emulate, what is important to them, what their motivations are, what their limitations are and how this makes them think and act. This module will demonstrate the ability to understand and tap into the mindset of an adversary is what allows Red Team members adapt effectively while operating in various contexts and situations.
Module 3: Target Analysis
Explores how to apply an adversary perspective (as covered in Module 2) to approaching a Red Teaming assignment. This includes developing a risk profile for each subject of the Red Teaming exercise (the ‘target’) based on who they are and who is most likely to target them. This module will outline how to combine adversary and target analysis to identify likely adversaries.
Business Assets and Types of Protected Information
Module 4: Social Reconnaissance
Introduces the concept of social reconnaissance as undertaken by an adversary. This includes the various organizational/human/relationship elements of a target, from employees to social media to the supply chain.
Social (e.g.Social Media, HUMINT, Supply Chain)
Module 5: Digital Reconnaissance
Introduces the concept of digital reconnaissance as undertaken by an adversary. This includes both active and passive reconnaissance, with a particular focus on infrastructure and applications used.
Digital (e.g.Footprinting, OSINT, Mobile, Wireless, Infrastructure)
Module 6: Physical Reconnaissance
Introduces the concept of physical reconnaissance as undertaken by an adversary. This includes the various physical security elements of a target, such as physical access to technological infrastructure, business assets, and tangible protected information.
Physical (e.g. Office Locations Access Points)
Module 7: Planning Attack Strategies
Discusses social, digital and physical attack strategies, specifically how adversaries combine social, digital and physical strategies to engage in layered attacks. The module explores executive targeting, supply chain and traveling employees as attack strategies and analysis of Red Team planning.
Building Attack Scenarios
Simulating Adversary Tactics
Small Team Tactics
Red Teaming the Plans
Module 8: Real Simulation Exercise Part A:
Participants are given the opportunity to take part in a simulated Red Team exercise over two days. Participants will be given details about the target and will then use the knowledge gained in the training to build adversary profiles, undertake reconnaissance, plan attacks, execute the attacks vectors and engage in a post-exercise debrief.
Digital attack vectors
Social Engineering attack vectors
Supply chain attack vectors
Module 9: Real Simulation Exercise Part B:
Participants will continue with the exercise.
Digital attack vectors
Module 10: Team Debrief:
CAPTIVATE YOUR AUDIENCE AT YOUR NEXT EVENT WITH A CYBERSECURITY SPEAKER
Businesses and government organizations are increasingly requesting the help of cybersecurity speakers to develop strategies to protect their valuable information.
So why not take the advantage of having a presenter that speaks about cybersecurity from an adversary perspective.
OTHER OFFENSIVE SECURITY SERVICES -
TAILORED SERVICES TO TEST YOUR DEFENCES
Designed to mimic real-world threats and sophisticated attack vectors to test your defences and eliminate gaps into your entire organisation.
ADVERSARY SIMULATION TRAINING
This hands-on training will demonstrate how a genuine Red Team approach successfully combines physical, digital, social and supply chain attack vectors in order to accurately replicate the activities of the adversary, to beat them at their own game.
Loop will outline how red teaming simulates realistic attack scenarios, using the same trade-craft and tools used by the adversary to mimic the threat to key business assets.
LOOP GUIDE - CONTINUAL ASSURANCE
Download our free guide to Continual Assurance to help you answer your most important questions about the service.
Accelerate Business Growth with customer confidence and Trust.
Delivering you accredited Qualified Security Assessors to continually manage, monitor and track your PCI compliance. Speak to our consultants to ensure you remain compliant.
CYBER-ATTACKS CAN HAPPEN ANYTIME. BE READY TO RESPOND.
Australian based 24x7 security operations centre. We help to defend against advanced threats & protect your business with our (SOC) Security Operations Centre and (DIFR) Team.