From: Scott (opiesangmail.com)
Date: Tue Mar 10 2009 - 08:28:43 CDT

I use the term "Red Team" loosely here (apologies to all the real pen
testers/red team folks on the list). Very few people on the team are
professional pen testers, if any. Some of them do it for the company
they work for but I doubt any of us are paid to run pen tests on other
companies. We're all volunteers to help give the student teams
experience dealing with a live opponent. For the sake of the
discussion let's call it the attack team instead.

Thanks for the book recommendation. I've seen/read plenty that talk
about the tools and how to perform specific actions (buffer overflows,
password cracking, social engineering, etc.) but few of them went
through the proper approach and methodology for deciding which path to
take. This book seems to do that along with some of the more specific
information. Have you read this one personally or is it generally
considered an appropriate book for the pen testing field?

On Tue, Mar 10, 2009 at 7:58 AM, Stack Smasher <stacksmashergmail.com> wrote:
> This seems like a very basic question for someone on a "Red" team. I would
> suggest learning to walk before you try to run. Start with some basic pen
> testing books before asking questions like this.
>
> On Mon, Mar 9, 2009 at 1:55 PM, Scott <opiesangmail.com> wrote:
>> Howdy folks!
>>
>> I'm part of a Red Team for the Mid-Atlantic region CCDC competition
>> (Collegiate Cyber Defense Competition). There are some pretty talented
>> folks on the team and I'm arguably the least experienced (for now).
>>
>> The short version explanation is that teams of college students are
>> tasked with operating and defending a "corporate" network of systems
>> ranging from web, email, DB, MS Domain servers, VoIP, and normal
>> workstations. They have to patch a wide variety of holes while keeping
>> designated services available for scoring. The team with the most
>> uptime wins. Meanwhile, the red team is busy attacking these services
>> along with anything else we can get into and create havoc for the
>> student teams.
>>
>> My question to all of you is what you would recommend for an attack
>> strategy here. In previous competitions it's been challenging to know
>> where to start as there are many options. Should I find a hole and dig
>> in with backdoors, create new user accounts, take over the admin
>> accounts and lock out the student teams??? Technically the red team is
>> supposed to bring down or deny access to the services the students are
>> scored on (primary objective). There's always more going on than that,
>> however. I'd like to stay focused when we go into the 3-day event this
>> month so I need a plan.
>>
>> How would you do it if you didn't know more than possibly what types
>> of systems you'll find on the target networks? Thanks.
>
> "If you see me laughing, you better have backups"