Red Team and Blue Team

Theory Modules

Introduction to Red Team and Blue Team Fundamentals

Red Team Fundamentals

Before a Red Team exercise can commence, the Rules of Engagement must be agreed upon. This is normally done by the management of an organization. Other employees are normally not involved in the discussion and are sometimes not even aware that an exercise is about to take place.

A common goal exists between the Red and Blue Team, which is strengthening the network infrastructure.

The Red Team in Cybersecurity identifies weak spots in a company’s IT infrastructure. Typically, a company will hire an external Red Team to assess the company’s infrastructure, but internal Red Teams do exist. This practice is also referred to as Penetration Testing.

Once vulnerabilities in the network are discovered, the Red Team must follow specific steps to report them to the company and to ensure that malicious external parties cannot exploit them.

Red Team exercises are done with the consent of the management team, but normally without informing other employees, so that the exercises simulate real-life situations as closely as possible. Red Team exercises use non-destructive methods to accomplish pre-agreed goals while simulating the hacking lifecycle.

The hacking lifecycle consists of the following phases:

  1. Reconnaissance

  2. Scanning

  3. Maintaining Access

  4. Clearing Tracks

Blue Team Fundamentals

The function of the Blue Team in Cybersecurity is very closely related to the Red Team. The Blue Team needs to assess the network security infrastructure and identify possible vulnerabilities. The difference between the Red Team and the Blue Team is that where the Red Team imitates the attacks and exploitations, the Blue Team needs to find ways to defend and protect the network resources from exploitation.

The Blue Team needs to be aware of the different types of attacks and exploits used by the Red Team, and must be able either to prevent these attacks or to respond correctly and in a timely manner when such exploits occur, so that any further malicious activity is prevented.

Functionality

Blue Team activities are not exclusively related to attacks; they also involve continuous monitoring of the network for unsolicited traffic and possible vulnerabilities, which can then be remedied before an attacker discovers them. The Blue Team is involved in hardening and strengthening the entire network infrastructure using software such as an Intrusion Detection System (IDS), which provides real-time data on the traffic and activities on the network.

Steps for Blue Team activities may include the following:

  • Security log analysis

  • Memory utilization analysis

  • Network traffic analysis

  • System hardening through policies

  • Constantly reviewing policies and updating these policies accordingly

The Blue and Red Teams will work closely together to ensure the protection of the network resources and the infrastructure.

Protocols and Ports used for Exploits

Determine Open Ports on a Windows Machine

Netstat

The netstat tool will be used to determine which ports are open on a Windows operating system. It is a built-in Command Prompt tool that is available on all Windows operating systems. Netstat (network statistics) displays the network connections of the operating system.

These steps can be conducted by the Blue Team to ensure that no unnecessary ports are open on client machines, securing and hardening the operating system against exploits.

cmd-> netstat -help

Options

  • -a -> display all connections and listening ports

  • -n -> display addresses and ports in numerical form

Using GUI

Start -> Windows Firewall with advanced security -> inbound rules -> filter by group -> filter by telnet -> telnet server -> protocols and ports -> telnet server properties

Determine Open Ports on a Linux Machine

lsof --help -> This command lists all the options that can be used with the lsof command.

lsof -i -> This command lists open network files, i.e. the listening and connected sockets together with the processes that hold them.
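The netstat and lsof steps above tell the Blue Team which ports a machine is listening on; the hardening decision is whether each of those ports is supposed to be open. The script below, added here as an example and not part of the course notes, turns that into a repeatable check: it parses netstat-style output from either a Windows machine (netstat -an layout) or a Linux machine (netstat -tuln layout) and reports every listening port that is missing from an allowlist. The two samples are constructed netstat output embedded so the script runs offline, and the allowlists are assumed client-machine policies, not the page's. On a live host the sample would be replaced by the real command output.

```shell
#!/bin/sh
# Added example (not from the course notes): list the ports a host is
# listening on and flag any that are not on an allowlist.
# Input is netstat-style text: Windows "netstat -an" or Linux "netstat -tuln".

# Constructed Linux "netstat -tuln" lines (header rows omitted)
SAMPLE_LINUX='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN
tcp        0      0 192.168.0.10:52344      93.184.216.34:443       ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# Constructed Windows "netstat -an" lines (header rows omitted)
SAMPLE_WINDOWS='  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.0.20:49712     93.184.216.34:443      ESTABLISHED
  UDP    0.0.0.0:123            *:*'

# listening_ports OUTPUT
# Prints "proto port" for every listening TCP socket and every bound UDP socket.
# Windows prints the protocol in upper case with the local address in column 2
# and the state in column 4; Linux prints it in lower case with the local
# address in column 4 and the state in column 6.
listening_ports() {
  printf '%s\n' "$1" | awk '
    {
      win   = ($1 == toupper($1))        # upper-case proto => Windows layout
      local = win ? $2 : $4
      state = win ? $4 : $6
      sub(/.*:/, "", local)              # keep only the port after the last colon
      proto = tolower($1)
    }
    proto ~ /^tcp/ && (state == "LISTEN" || state == "LISTENING") { print proto, local }
    proto ~ /^udp/                                               { print proto, local }'
}

# unexpected_ports OUTPUT ALLOWLIST
# Prints proto/port for each listening port that is not in the space-separated
# ALLOWLIST; an empty result means the host matches the policy.
unexpected_ports() {
  listening_ports "$1" | while read -r proto port; do
    case " $2 " in
      *" $port "*) ;;                    # port is on the allowlist
      *) printf '%s/%s\n' "$proto" "$port" ;;
    esac
  done
}

# Assumed policies: SSH and HTTPS on the Linux client, RPC and SMB on Windows.
echo "== Linux host: ports not on the allowlist =="
unexpected_ports "$SAMPLE_LINUX" "22 443"
echo "== Windows host: ports not on the allowlist =="
unexpected_ports "$SAMPLE_WINDOWS" "135 445"
```

With the samples above the Linux host is reported for CUPS (631), telnet (23) and the DHCP client port (68), and the Windows host for RDP (3389) and NTP (123); whether each of those is a finding depends on the role of the machine, which is exactly the decision the allowlist records. To run the check on a real host, pipe `netstat -tuln | tail -n +3` (Linux) or a saved `netstat -an` listing (Windows) into the same functions instead of the sample strings.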

Scan the Network for Hosts and Open Ports

ifconfig
nmap --help
nmap -sS 192.168.0.0/24

IP Addressing Concepts

ifconfig -a

Red Team modules

Introduction to Kali Linux

Wireshark Essentials

Nmap: Network Scanning Techniques

Man in the Middle Exploits

Introduction to Metasploit

Credential Harvesting Tools

Blue Team modules

Server Operating Systems Basics

Network Monitoring Tools in Server Operating Systems

Server Firewall Configuration

Malware Protection and Antivirus Protection

Patch Management and Software Updates

Securing Servers with Policies

Red Team Vs. Blue Team Modules

Denial of Service on a Server

Exploiting Telnet Vulnerabilities

SMB Exploit with Responder

Performing a Brute Force Password Attack

Exploit Windows with Metasploit (Eternal Blue)
