Adversary Simulation Introduction
Traditional security testing does not always accurately reflect the true tactics, trade-craft or simple pure grit and determination of an adversary. Red Teaming is the process of viewing a problem from an adversary or competitor's perspective; and simulates realistic attack scenarios, using the same trade-craft and tools used by the adversary, to mimic the threat to key business assets.
This hands-on training will demonstrate how a genuine Red Team approach successfully combines physical, digital, social and supply chain attack vectors in order to accurately replicate the activities of the adversary, to beat them at their own game. Using practical scenarios, participants will learn:
Module 1: Mindset Analysis
Introduces the concept of Red Teaming as the process of viewing a problem from an adversary's perspective. This module will explain the origins of Red Teaming, who uses it, what context it is used in (e.g. military, businesses), and why it is of value to a security assessment. Specifically, this module will also outline how Red Teaming uses the same trade-craft and tools used by an adversary to mimic the threat to key business assets; successfully combining physical, digital, social and supply chain attack vectors in order to accurately replicate the activities of a sophisticated adversary.
Module 2: Adversary Analysis
Introduces the various adversaries that a Red Team may attempt to emulate, what is important to them, what their motivations are, what their limitations are and how this makes them think and act. This module will demonstrate the ability to understand and tap into the mindset of an adversary is what allows Red Teams to adapt effectively while operating in various contexts and situations.
Module 3: Target Analysis
Explores how to apply an adversary perspective (as covered in Module 2) to approaching a Red Teaming assignment. This includes developing a risk profile for each subject of the Red Teaming exercise (the 'target'). This module will then outline how to combine adversary and target analysis to identify likely adversaries.
Module 4: Reconnaissance 1 -Social
Introduces the concept of social reconnaissance as undertaken by an adversary. This includes the various organisational/human/relationship elements of a target, from employees to social media to the supply chain.
Module 5: Reconnaissance 2 -Digital
Introduces the concept of digital reconnaissance as undertaken by an adversary. This includes both active and passive reconnaissance, with a particular focus on infrastructure and applications used.
Module 6: Reconnaissance 3 – Physical
Introduces the concept of physical reconnaissance as undertaken by an adversary. This includes the various physical security elements of a target, such as physical access to technological infrastructure, business assets, and tangible protected information.
Module 7: Attack Strategies
Discusses social, digital and physical attack strategies, specifically,how adversaries combine social, digital and physical strategies to engage in layered attacks. The module explores executive targeting, supply chain and traveling employees as attack strategies and analysis of Red Team planning.
Module 8: Practical Exercise
Participants will be given details about a target and will then use the knowledge gained in the training modules to: build adversary profiles; undertake reconnaissance; plan attacks; execute digital attacks; and engage in a post-exercise debrief.