In our previous post, Red Teaming: Command and Control protocols, we performed a very brief introduction of RETURNINGPATIENT in the general context of choosing different command and control strategies in our red teaming campaigns. In this post, we will take a deeper dive into RETURNINGPATIENT itself and discuss its properties and its limitations.
Red teaming, in an information security context, is an adversarial-based offensive activity against an organisation's assets, whether this is infrastructure, applications or people. Red teaming is a specialised penetration testing service offering wherein the attacker assumes the role of an advanced threat actor and attempts to compromise agreed upon components inside the target. The threat actors use Tactics, Techniques and Procedures (TTPs) in their compromise campaigns. It is designed to be stealthier than a typical penetration test and test the defences of a network against a persistent attacker. It is also goal driven to provide focus and guide the test towards what the targeted organisation sees as its most valuable assets rather than the common misconception of "get domain admin". Mitre's ATT&CK framework, provides a comprehensive breakdown of all the different tactics in a red teaming engagement and outline of all different techniques inside each tactic.
Phishing is a topic that has been discussed to death due to the ease of exploitation of humans and the approach taken to catch someone off guard. Other issues that are not considered as much are social engineering, CEO fraud, fake friends on social media, or waterhole attacks, and the reason for that is due to the overhead of effort versus reward.
In InfoSec history books, 2019 should be called ‘The year of the Post-Exploitation Command and Control Frameworks’ with major projects falling in that category being developed and made public, such as:
Foregenix's cybersecurity experts have been deeply involved in supporting the PCI Council during the development of the new PCI Software Security Framework (SSF), and today we are proud to announce we are fully enabled to help your organisation align and achieve compliance with this new program.
In our previous post, Red Teaming: Command and Control protocols, we performed a very brief introduction of RETURNINGPATIENT in the general context of choosing different command and control strategies in our red teaming campaigns. In this post, we will take a deeper dive into RETURNINGPATIENT itself and discuss its properties and its limitations.
Red teaming, in an information security context, is an adversarial-based offensive activity against an organisation's assets, whether this is infrastructure, applications or people. Red teaming is a specialised penetration testing service offering wherein the attacker assumes the role of an advanced threat actor and attempts to compromise agreed upon components inside the target. The threat actors use Tactics, Techniques and Procedures (TTPs) in their compromise campaigns. It is designed to be stealthier than a typical penetration test and test the defences of a network against a persistent attacker. It is also goal driven to provide focus and guide the test towards what the targeted organisation sees as its most valuable assets rather than the common misconception of "get domain admin". Mitre's ATT&CK framework, provides a comprehensive breakdown of all the different tactics in a red teaming engagement and outline of all different techniques inside each tactic.
Phishing is a topic that has been discussed to death due to the ease of exploitation of humans and the approach taken to catch someone off guard. Other issues that are not considered as much are social engineering, CEO fraud, fake friends on social media, or waterhole attacks, and the reason for that is due to the overhead of effort versus reward.
In InfoSec history books, 2019 should be called ‘The year of the Post-Exploitation Command and Control Frameworks’ with major projects falling in that category being developed and made public, such as:
Foregenix's cybersecurity experts have been deeply involved in supporting the PCI Council during the development of the new PCI Software Security Framework (SSF), and today we are proud to announce we are fully enabled to help your organisation align and achieve compliance with this new program.
