12 practical resources to empower your cybersecurity red team


Date: April 18, 2024

In building a modern enterprise's network security capabilities, an indispensable step is to examine the shortcomings of the enterprise's security from an attacker's perspective. The job of a cybersecurity red team is essentially to play the role of a potential attacker, comprehensively combing through an organization's IT assets to find vulnerabilities and attack paths so that risks can be better repaired or responded to. The offensive skill set that a red team brings to the table is valuable to businesses. Its role is not only to find security problems, but also to help system developers gain an in-depth understanding of computer systems.

Given the importance of red teaming, organizations should seek out a wide range of resources to ensure this work can be carried out fully. This article collects 12 practical resources closely related to the work of the network security red team, covering technical tools, professional tutorials, security research, and opinion articles, which can help red team members quickly improve their professional knowledge and working skills.

1. Pentester Academy

This is a monthly-subscription online video course service for security red teams. The content mainly covers penetration testing, but it also offers courses on operating system forensics, social engineering tasks, and assembly language for information security. Through this platform, students can learn how to exploit buffer overflows, create hacking tools for demonstration, and explain the security impact of specific operations.

Portal:

https://www.pentesteracademy.com/

2. Awesome Red Teaming

This is a very detailed list on GitHub of available cybersecurity red team resources. These resources cover every technical aspect of red team work, from initial access, execution, and persistence to lateral movement, collection, and exfiltration. Tools, books, training, and certifications related to security red teams are also listed.

Portal:

https://github.com/yeyintminthuhtut/Awesome-Red-Teaming#-training–free-

https://techbeacon.com/how-build-best-cyber-threat-hunting-team

3. The Daily Swig

This is a cybersecurity news platform sponsored by PortSwigger Web Security. It contains a lot of knowledge relevant to the work of a cybersecurity red team, including hacking attacks, data breaches, exploit tools, web application vulnerabilities, and new security technologies. Its recent articles include “Observations on Sensitive Customer Data Exposure at Major Job Sites,” “How to Find Security Vulnerabilities in Amazon S3 Buckets,” and “Offensive Security Is at Risk.”

Portal:

https://portswigger.net/daily-swig

4. Florian Hansemann

Hansemann is a veteran ethical hacker and penetration testing engineer. On his personal Twitter account, he often shares tools and techniques that are of interest to red team members. For example, he has detailed how to use Tokenvator, a tool that uses Windows tokens to escalate privileges, and how to write attack payload test cases that inject processes into Windows. He also offers suggestions on the problems that security testers face.

Portal:

https://twitter.com/HanseSecure

5. ringzer0team.com

This is a “capture the flag” website run by a team of ethical hackers. It often hosts challenges designed to test and improve the various programming skills that red team members need. The organization also shares professional knowledge and red teaming advice for ethical hackers through its official Twitter page.

Portal:

https://ringzer0team.com/

6. Bug reconnaissance

Bug reconnaissance (How to do reconnaissance properly before chasing a bug bounty?) is a professional article written by Hussnain Fareed, a Pakistani website developer, machine learning enthusiast, and security researcher. In this article, Hussnain Fareed discusses in detail where to test software for vulnerabilities and what tools can be used to find them. It is a valuable reference for red teams planning reconnaissance strategies.

Portal:

https://medium.com/secjuice/guide-to-basic-recon-bug-bounties-recon-728c5242a115

7. “Penetration Testing Practical Manual”

Although this is a long-established printed book, it is still an effective way for ethical hackers and red team professionals to quickly learn about hacking techniques and information. Topics covered include common reconnaissance tools and tactics, lateral movement techniques, popular attack techniques, and how to crack passwords. The author, Peter Kim, also runs his own Twitter page, where he occasionally shares tips and experience related to penetration testing work.

Portal:

https://twitter.com/hackerplaybook?lang=en

8. SANS digital forensics and incident response

SANS Institute is a global cybersecurity training organization, and its DFIR (Digital Forensics and Incident Response) Twitter page shares a wealth of up-to-date knowledge about SANS courses and industry experts' experience. For better interactive discussion, SANS has also opened a dedicated communication website. Many red team members share hacking tools that they find useful on this homepage, such as attention-deficit-disorder, a program that pollutes memory with false content; Clip Folder Shield, used to hide files in the system; and Timestomp, an application that tampers with NTFS timestamps.

Portal:

https://twitter.com/sansforensics

https://www.dfir.training/tools/anti-counter-forensics

9. “Red Team Diary” magazine

Cybersecurity red teaming is not a purely technical job; it requires a systematic approach that extensively combines critical thinking and reverse thinking. This is exactly the idea behind Red Team Diary magazine. It often publishes the latest technical red team articles, on topics such as red team operations and penetration testing, but it also focuses on cultivating red team thinking, as in “Red Team Members' Declaration”. The magazine currently has an official Twitter page and many active contributors who regularly write on a wide range of topics related to red team work.

Portal:

https://redteamjournal.com/

https://twitter.com/redteamjournal

10. PenTestIt

This is a professional website for the cybersecurity industry that positions itself as “the ultimate source of all information security knowledge.” Through this website, security red team members can obtain a lot of interesting and practical information. For example, it continuously publishes detailed malware sources, including Trojans, remote access Trojans, keyloggers, ransomware, boot kits, and exploit kits. It also has a dedicated query page for Shodan, one of the most popular open source threat intelligence search engines currently used to discover unprotected assets exposed on the Internet. In addition, this website contains a large number of practical articles introducing attacker simulation tools.

Portal:

http://pentestit.com/

11. Vincent Yiu

This is a personal Twitter account. Yiu describes himself as an “offensive network security expert” with extensive experience in red team work. Through this account, he compiles many of his working practices and suggestions and passes on valuable experience to learners who want to become red team members.

Portal:

https://www.linkedin.com/in/vincent-yiu/

https://twitter.com/vysecurity

12. MITRE ATT&CK framework

The ATT&CK framework was publicly released in 2015 and has grown from an Excel spreadsheet tool shared by insiders into a global knowledge base of threat activities, techniques and models, becoming widely popular among enterprises, governments and security vendors. The ATT&CK framework provides the most comprehensive and timely collection of community knowledge about cyberattack activity in the wild, which helps enterprises prioritize security threats and can be used to evaluate security methods, products and services. With the help of the ATT&CK framework, red team members can better understand the behavioral risks of known attackers, plan security improvements, and verify whether defensive measures are effective.

Portal:

https://attack.mitre.org/wiki/Main_Page

Reference links:

https://techbeacon.com/security/modern-red-teaming-21-resources-your-security-team
