The Purpose of a Red Team
• Penetration Testers whose aim is to find security weaknesses before a real attacker can
• Best Friends/Archrivals of the Blue Team (Defenders)
• Often operate with “Assume Breach” mindset
• Exercises the detection and response capabilities of the security operations teams
• Complements existing security controls (code reviews, SDL, auditing)
Methodology
1. Establish Scope / Get Permission
2. Initial Reconnaissance
3. Gain Subscription Access
4. Cloud Service Exploitation & Pivot
1. Permission
• https://security-forms.azure.com/penetration-testing
• https://security-forms.azure.com/penetration-testing/terms
2. Reconnaissance
• Intranet pages
• SharePoint
• GitHub / VSO
• Leaked Password Lists
• Nmap
• Nessus
3. Gaining Access
• Phishing
• Leaked Credentials
• Stolen Credentials
• Two-Factor Authentication Bypass
Leaking Credentials
• Management Certificates
• .PublishSettings Files
• .Config Files
• Storage Account Keys
4. Cloud Service Exploitation / Pivoting
• Misconfigurations
• Firewall Rules / ACLs
• Security Monitoring
• Design Flaws
• Data Theft
• VHD Downloads
Lack of Monitoring For Changes
• Adding User or Management Cert to Subscription
• Adding/removing a role for an RBAC user
Best Practices
• Enable & use any security features available
• Enable 2FA
• Use alt-accounts and SAWs/PAWs (Secure/Privileged Access Workstations)
• Audit your logs regularly and alert on key events
• Separate DEV and PROD (environments and logging)
• Least Privilege
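As an added example (not from the slides), a small detector for the monitoring gap listed under "Lack of Monitoring For Changes" and the "alert on key events" practice above: it scans Azure Activity Log records for RBAC role assignment writes and deletes and rates each by scope and caller. The two operation names are real Activity Log operation names; the approved-caller list and the log records are constructed sample values for this example.

```python
# Azure Activity Log operation names for RBAC role assignment changes.
WATCHED_OPERATIONS = {
    "Microsoft.Authorization/roleAssignments/write": "RBAC role assigned",
    "Microsoft.Authorization/roleAssignments/delete": "RBAC role removed",
}

# Accounts expected to manage access (e.g. alt-accounts used from a PAW/SAW); constructed value.
APPROVED_CALLERS = {"sub-admin@contoso.example"}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RA = "/providers/Microsoft.Authorization/roleAssignments/"

# Constructed, trimmed Activity Log records (real exports carry many more fields).
SAMPLE_LOG: list[dict] = [
    {"eventTimestamp": "2024-05-01T10:00:00Z", "caller": "intern@contoso.example",
     "operationName": {"value": "Microsoft.Authorization/roleAssignments/write"},
     "status": {"value": "Succeeded"}, "resourceId": SUB + RA + "aaaa-1111"},
    {"eventTimestamp": "2024-05-01T10:05:00Z", "caller": "sub-admin@contoso.example",
     "operationName": {"value": "Microsoft.Authorization/roleAssignments/delete"},
     "status": {"value": "Succeeded"},
     "resourceId": SUB + "/resourceGroups/app-rg" + RA + "bbbb-2222"},
    {"eventTimestamp": "2024-05-01T10:07:00Z", "caller": "dev@contoso.example",
     "operationName": {"value": "Microsoft.Compute/virtualMachines/start/action"},
     "status": {"value": "Succeeded"},
     "resourceId": SUB + "/resourceGroups/app-rg/providers/Microsoft.Compute/virtualMachines/web01"},
]


def scope_of(resource_id: str) -> str:
    """Classify where a role assignment applies from its resource ID."""
    rid = resource_id.lower()
    if "/resourcegroups/" in rid:
        return "resourceGroup"
    return "subscription" if rid.startswith("/subscriptions/") else "other"


def triage(records: list[dict]) -> list[dict]:
    """Return one alert per successful watched operation, rated by risk."""
    alerts = []
    for rec in records:
        op = rec.get("operationName", {}).get("value", "")
        if op not in WATCHED_OPERATIONS or rec.get("status", {}).get("value") != "Succeeded":
            continue  # unrelated operations and failed attempts are skipped here
        caller = rec.get("caller", "<unknown>")
        scope = scope_of(rec.get("resourceId", ""))
        # A subscription-wide grant, or a change by an unexpected account, is high risk.
        high = scope == "subscription" or caller not in APPROVED_CALLERS
        alerts.append({"time": rec["eventTimestamp"], "what": WATCHED_OPERATIONS[op],
                       "caller": caller, "scope": scope,
                       "severity": "high" if high else "medium"})
    return alerts
```

Failed role assignment attempts are filtered out above; in practice they deserve their own lower-priority rule, since repeated failures can precede a successful change.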