Red team testing: hacking and lying your way to data.
Written by Tom Wyatt on 30/11/2018
“Yeah, but we look awesome, so cross your arms and look menacing.”
It’s through a red team test that we discovered we could compromise a business using a few pints of milk (and no, we don’t mean pouring it over the servers). Red team assessments take a multi-layered approach that seeks to test every aspect of a company’s security. They test the technical, the physical, the management elements and even the people. We try to compromise a business by any means (bar violence of course). Red team tests are many things, but most importantly...
Our badges looked legitimate enough at first glance, but of course they would not work on the door system as we had no idea what kind of technology was in place. We had created several kinds of card based on known RFID badge types. These didn’t work, but one using the same technology would sound out a telling warning beep, which became important later. A beeping card reader adds a sense of authenticity.
A quick look round the general area confirmed that there was indeed a back door. However, it was a fire exit adorned with a sign that read ‘this door is alarmed’. As we were trying to be as inconspicuous as possible, I decided to go through the front (non-alarmed) door.
Once in, I took out my laptop (complete with large Wi-Fi antennas) and strolled around with an intense look of concentration. Fortunately, if you look like you work in IT, people are reluctant to speak to you unless they absolutely have to. I found a partially empty office and plugged a disguised USB ethernet adaptor into an unmanned desk PC.
Our USB ethernet adaptor actually contained a small Linux machine that would remotely connect to our own servers and allow us to tunnel into the target network. However, it seemed the internal network had some form of filtering in place that blocked unknown devices, which would have stopped us getting anything out of our milky exploits. Game over? Not yet – remember, we were also armed with several users’ credentials. After logging into the computer, we were able to bypass this filtering and gained access to their servers.
From here on in, the rest is mostly the same as any internal penetration test. We found things that were broken, abused them, stole passwords, spread further and kept on going and gathering evidence until there was nowhere else to go or until we were caught.
We were not caught on this occasion. Instead, we provided our client with a lengthy report and helped them tighten their processes and improve their security. We showed them the lengths to which a malicious actor was willing to go. It’s not always someone at a laptop on the other side of the world. Sometimes, it’s a man with some milk.
You are a target
As you can see, a red team test is very involved. You might think that your company is too small to attract this level of attention, and to some extent you might be right. We’re not likely to try to sneak into a five-person team claiming to be the new intern, but we will try every other trick in the book. We adapt our tactics to the situation. Smaller companies tend to have less sophisticated technology or be laxer in their processes. Hackers often take the path of least resistance, meaning smaller companies will always be in their crosshairs.
Of course, not every company would benefit from a red team test, but if you’re storing large quantities of sensitive data that would benefit nefarious entities, it’s good to make sure every aspect of your security is as strong as it could be, because hackers will try to get at it one way or another.