A Red-Team exercise is the best simulation you can run to improve your network's security against APTs.
At a high level, there are 3 main phases:
- Initial compromise or intrusion of the target network – usually a phishing email or a drive-by download.
- Post-exploitation – reconnaissance and lateral movement.
- Exfiltration – an infinite number of ways; game over if it comes to this point.
When it comes to a Red-Team operation against Active Directory, it's very common to finish quickly by dumping LSASS and finding the Domain Admin.
Last week, byt3bl33d3r released a Python script that leverages the Empire REST API and automatically executes the common post-exploitation techniques – credential lookup using GPP or Mimikatz, lateral movement using Invoke-WMI, and some more methodologies – to find the Holy Grail, a.k.a. Domain Admin.
There are obviously many ways to complete your job as a Red-Teamer. I recommend reading this nice post:
Javelin Networks to the Rescue
Javelin's main mission is to prevent lateral movement, no matter the size of the network. We know how hard it is to protect a network with the current solutions because we've tried doing it. In the following video, you can see what happens to a Red-Team trying to perform some post-exploitation moves. Enjoy:
Feel free to reach out – firstname.lastname@example.org