A red-team exercise is the best simulation you can run to improve your network's security against APTs.
At a high level, there are three main phases:
* Initial compromise or intrusion of the target network – usually a phishing email or a drive-by download.
* Post-exploitation – reconnaissance and lateral movement.
* Exfiltration – an infinite number of ways; game over if it came to this point.
When it comes to red-team operations against Active Directory, it's very common to finish quickly by dumping LSASS and finding the Domain Admin. The End.
Last week, byt3bl33d3r released a Python script that leverages the Empire REST API and automatically executes the common post-exploitation techniques (credential lookup using GPP or Mimikatz, lateral movement using Invoke-WMI, and a few more methodologies) to find the Holy Grail, a.k.a. Domain Admin.
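The defender's counterpart to the GPP credential lookup mentioned above, added here as an example (not code from this post or from the tool it describes): an audit that flags legacy `cpassword` attributes still sitting in Group Policy Preference XML files under SYSVOL so they can be removed. The file names and account attribute names follow the GPP schema; the sample XML documents are constructed for the example.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# GPP preference files that may carry a cpassword attribute under SYSVOL\Policies\*\Preferences
GPP_FILE_NAMES = {"Groups.xml", "Services.xml", "ScheduledTasks.xml",
                  "DataSources.xml", "Drives.xml", "Printers.xml"}

def find_cpassword(xml_text: str) -> list[dict]:
    """Return one finding per element whose attributes include a non-empty cpassword."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        for attr, value in elem.attrib.items():
            if attr.lower() == "cpassword" and value:
                # The account name lives under different attribute names per preference type
                account = (elem.attrib.get("userName") or elem.attrib.get("accountName")
                           or elem.attrib.get("runAs") or "<unknown>")
                findings.append({"element": elem.tag, "account": account})
    return findings

def scan_sysvol(policies_root: Path) -> list[dict]:
    """Walk a SYSVOL Policies tree and collect cpassword findings together with file paths."""
    results = []
    for path in policies_root.rglob("*.xml"):
        if path.name not in GPP_FILE_NAMES:
            continue
        try:
            hits = find_cpassword(path.read_text(encoding="utf-8-sig"))
        except ET.ParseError:
            # A file that does not parse still deserves a manual look
            hits = [{"element": "<unparseable>", "account": "<unknown>"}]
        results.extend({**hit, "file": str(path)} for hit in hits)
    return results

# Constructed sample: a legacy Groups.xml with an embedded cpassword (value is a placeholder, not real ciphertext)
SAMPLE_GROUPS_XML = """<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="LocalAdmin" image="2" changed="2014-01-01 00:00:00">
    <Properties action="U" userName="LocalAdmin" cpassword="CONSTRUCTED-PLACEHOLDER" neverExpires="1"/>
  </User>
</Groups>"""

# Constructed sample: the same preference after the credential was removed
SAMPLE_CLEAN_XML = """<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="LocalAdmin" image="2" changed="2015-01-01 00:00:00">
    <Properties action="U" userName="LocalAdmin" neverExpires="1"/>
  </User>
</Groups>"""

if __name__ == "__main__":
    for hit in find_cpassword(SAMPLE_GROUPS_XML):
        print(f"cpassword found in <{hit['element']}> for account {hit['account']}")
```

Point `scan_sysvol` at a copy of `\\<domain>\SYSVOL\<domain>\Policies` to audit a real tree; every hit is a credential that should be rotated and the attribute deleted.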
There are obviously many ways to complete your job as a red-teamer; I recommend reading this nice post:
Javelin-Networks to the Rescue
Javelin's main mission is to prevent lateral movement, no matter the size of your network. We know how hard it is to protect against it with the current solutions. In the following video, you can see what happens to a red team trying some post-exploitation moves. Enjoy:
Feel free to reach out – firstname.lastname@example.org