NotificationsYou must be signed in to change notification settings
Fork9
Star43

RedTeam - Red Team Tools

You must be signed in to change notification settings

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 53 Commits
Awesome		Awesome
MITRE ATT&CK/Tactics		MITRE ATT&CK/Tactics
Red Hat		Red Hat
RedCore		RedCore
GiTools.md		GiTools.md
README.md		README.md
Red Team Report Template.docx		Red Team Report Template.docx
RedTeam		RedTeam
RedTeam - Rules of Engagement Template.docx		RedTeam - Rules of Engagement Template.docx
shr3dkit		shr3dkit

Repository files navigation

בס״ד

⚜️ Aภl๏miuภuຮ ⚜️

RedTeam

RedTeam - Red Team Tools

RED TEAM DEVELOPMENT CHECKLIST

⫷MITRE ATT&CK |OST Map |ATT&CK Navigator |Atomic Red Team ⫸

TTP - Tactics, Techniques and Procedures
TI - Threat Intelligence
CTI - Cyber Threat Intelligence
ISAC - Information and Sharing Analysis Centers

1 Reconnaissance:
- No identified TTPs, use internal team methodology
2 Weaponization:
- Command and Scripting Interpreter
  - PowerShell
  - Python
  - VBA
  - Ruby
  - Bash
  - Shell
- User executed malicious attachments
3 Delivery:
- Exploit Public-Facing Applications
- Spearphishing
4 Exploitation:
- Registry modification
- Scheduled tasks
- Keylogging
- Credential dumping
5 Installation:
- Ingress tool transfer
- Proxy usage
6 Command & Control:
- Web protocols (HTTP/HTTPS)
- DNS
- Actions on Objectives
- Exfiltration over C2

Cyber Kill Chain	MITRE ATT&CK
Recon	Reconnaissance
Weaponization	Execution
Delivery	Initial Access
Exploitation	Initial Access
Installation	Persistence / Defense Evasion
Command & Control	Command and Control
Actions on Objectives	Exfiltration / Impact

Determine required knowledge and skills
Identify and implement alternate methods for bridging knowledge gaps
Develop roles and responsibilities guide
Develop red team methodology
Develop TTP guidance for engagements
Includes Bag of tricks
Develop data collection guide and tools
Develop operational process plan
Develop communication plan template
Develop ROE template:Rules of Engagement (RoE)
Develop technical briefing template
Develop report template:Diablo

Concept of Operation (CONOPS)

There is not a set standard of a CONOPS document;

Below is an outline of critical components that should be included in a CONOPS

Client Name
Service Provider
Timeframe
General Objectives/Phases
Other Training Objectives (Exfiltration)
High-Level Tools/Techniques planned to be used
Threat group to emulate (if any)

Resource Plan

Header
- Personnel writing
- Dates
- Customer
Engagement Dates
- Reconnaissance Dates
- Initial Compromise Dates
- Post-Exploitation and Persistence Dates
- Misc. Dates
Knowledge Required (optional)
- Reconnaissance
- Initial Compromise
- Post-Exploitation
Resource Requirements
- Personnel
- Hardware
- Cloud
- Misc.

Mission Plan

Objectives:
Operators
Exploits/Attacks
Targets
- Users:
- Machines:
- Objectives:
Execution plan variations

PLANNING - RED TEAM ENGAGEMENT CHECKLIST

Engagement Planning
- ROE
  - Event Communication plan
  - Distribute Deconfliction Process
  - Entry point/method
  - Scope
  - Goals/Objectives (should address at least one of the following)
    - Protect
    - Detect
    - Respond
    - Restore
  - Target Restrictions
  - Target Infrastructure / Asset verification / Approvals
- Scenario Development
- Operational Impact planning
Develop threat profiles
- Network and Host Activity
- IOC Generation (incl subsequent Analysis) and Management
Plan threat infrastructure
- Tier 1
  - IPs
  - Systems
  - Redirectors
  - PPS
- Tier 2
  - IPs
  - Systems
  - Redirectors
  - PPS
- Tier 3
- IPs
- Systems
- Redirectors
- PPS
- Deploy tools to infrastructure
Data collection repository

RED TEAM ENGAGEMENT GOAL PLANNING

COMMON GOALS: MEASURE AND OBSERVE ...

A THREAT’S ABILITY TO ACCESS TO COMMON AND RESTRICTED AREAS (PHYSICAL)
- What ability does a threat have to access common areas?
- What ability does a threat have to access restricted areas?
- Can a threat use access gained to enable cyber capabilities?
- What impacts can a threat have through gained access?
A THREAT’S ABILITY TO ACCESS KEY/CRITICAL SYSTEMS
- Can a threat access key/critical systems?
- What impacts can a threat have on key/critical systems?
A THREAT’S ABILITY TO MOVE FREELY THROUGHOUT A NETWORK
- What ability does a threat have to freely move throughout a network?
A THREAT’S ABILITY TO GAIN DOMAIN WIDE AND LOCAL ADMINISTRATIVE ACCESS?
- What ability does a threat have to gain local administrative access?
- What ability does a threat have to gain domain administrative access?
- What ability does a threat have to gain elevated access?
A THREAT’S ABILITY TO ACCESS OR IDENTIFY SENSITIVE INFORMATION
- What ability does a threat have to access sensitive information?
- What ability does a threat have to identify sensitive information?
A THREAT’S ABILITY TO EXFILTRATE DATA OUTSIDE AN ORGANIZATION
- What ability does a threat have to exfiltrate data outside an organization?
- How much data must be exfiltrated to impact an organization?
A THREAT’S ABILITY TO ACT UNDETECTED FOR A GIVEN TIME FRAME
- How long can a threat go undetected?
- Can a threat achieve its goals undetected?
- What must a threat do to stimulate a reaction from an organization?
A THREAT’S ABILITY TO PERFORM OPERATIONAL IMPACTS
- What impacts can a threat perform against an organization?
- How can a threat affect X?

Rules of Engagement (RoE)

Rules of Engagement
- Executive Summary
  - Overarching summary of all contents and authorization within RoE document
- Purpose
  - Defines why the RoE document is used
- References
  - Any references used throughout the RoE document (HIPAA, ISO, etc.)
- Scope
  - Statement of the agreement to restrictions and guidelines
- Definitions
  - Definitions of technical terms used throughout the RoE document
- Rules of Engagement and Support Agreement
  - Defines obligations of both parties and general technical expectations of engagement conduct
- Provisions
  - Define exceptions and additional information from the Rules of Engagement
- Requirements, Restrictions, and Authority
  - Define specific expectations of the red team cell
- Ground Rules
  - Define limitations of the red team cell's interactions
- Resolution of Issues/Points of Contact
  - Contains all essential personnel involved in an engagement
- Authorization
  - Statement of authorization for the engagement
- Approval
  - Signatures from both parties approving all subsections of the preceding document
- Appendix
  - Any further information from preceding subsections

Campaign planning

The campaign summary we will be using consists of four different plans varying in-depth and coverage adapted from military operations documents.

Type of Plan	Explanation of Plan	Plan Contents
Engagement Plan	An overarching description of technical requirements of the red team.	CONOPS, Resource and Personnel Requirements, Timelines
Operations Plan	An expansion of the Engagement Plan. Goes further into specifics of each detail.	Operators, Known Information, Responsibilities, etc.
Mission Plan	The exact commands to run and execution time of the engagement.	Commands to run, Time Objectives, Responsible Operator, etc.
Remediation Plan	Defines how the engagement will proceed after the campaign is finished.	Report, Remediation consultation, etc.

Engagement Plan:

Component	Purpose
CONOPS (Concept of Operations)	Non-technically written overview of how the red team meets client objectives and target the client.
Resource plan	Includes timelines and information required for the red team to be successful—any resource requirements: personnel, hardware, cloud requirements.

Operations Plan:

Component	Purpose
Personnel	Information on employee requirements.
Stopping conditions	How and why should the red team stop during the engagement.
RoE (optional)	-
Technical requirements	What knowledge will the red team need to be successful.

Mission Plan:

Component	Purpose
Command playbooks (optional)	Exact commands and tools to run, including when, why, and how. Commonly seen in larger teams with many operators at varying skill levels.
Execution times	Times to begin stages of engagement. Can optionally include exact times to execute tools and commands.
Responsibilities/roles	Who does what, when.

Remediation Plan (optional):

Component	Purpose
Report	Summary of engagement details and report of findings.
Remediation/consultation	How will the client remediate findings? It can be included in the report or discussed in a meeting between the client and the red team.

TryHackMe:Red Team Engagements:
- Learn the steps and procedures of a red team engagement, including planning, frameworks, and documentation.
Red Teaming Toolkit

Tools

Shr3dKit Red Team Tool Kit

This tool kit is very much influenced by infosecn1nja's kit. Use this script to grab majority of the repos.
NOTE: hard coded in /opt and made for Kali Linux
Total Size (so far): 2.5+Gb

About

RedTeam - Red Team Tools

Releases

No releases published

Packages

No packages published

Languages

Shell100.0%

Movatterモバイル変換

AnLoMinus/RedTeam

Folders and files

Latest commit

History

Repository files navigation

⚜️ Aภl๏miuภuຮ ⚜️

RedTeam

RED TEAM DEVELOPMENT CHECKLIST

Concept of Operation (CONOPS)

There is not a set standard of a CONOPS document;

Below is an outline of critical components that should be included in a CONOPS

Resource Plan

Mission Plan

PLANNING - RED TEAM ENGAGEMENT CHECKLIST

RED TEAM ENGAGEMENT GOAL PLANNING

COMMON GOALS: MEASURE AND OBSERVE ...

Rules of Engagement (RoE)

Campaign planning

The campaign summary we will be using consists of four different plans varying in-depth and coverage adapted from military operations documents.

Engagement Plan:

Operations Plan:

Mission Plan:

Remediation Plan (optional):

Tools

Shr3dKit Red Team Tool Kit

This tool kit is very much influenced by infosecn1nja's kit. Use this script to grab majority of the repos.

NOTE: hard coded in /opt and made for Kali Linux

Total Size (so far): 2.5+Gb

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages0

Languages

Packages