red-team-tactics
Security & Compliance: Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.
# Red Team Tactics
> Adversary simulation principles based on MITRE ATT&CK framework.
---
## 1. MITRE ATT&CK Phases
### Attack Lifecycle
```
RECONNAISSANCE → INITIAL ACCESS → EXECUTION → PERSISTENCE
       ↓               ↓              ↓            ↓
PRIVILEGE ESC → DEFENSE EVASION → CRED ACCESS → DISCOVERY
       ↓               ↓              ↓            ↓
LATERAL MOVEMENT → COLLECTION → C2 → EXFILTRATION → IMPACT
```
### Phase Objectives
| Phase | Objective |
|-------|-----------|
| Recon | Map attack surface |
| Initial Access | Get first foothold |
| Execution | Run code on target |
| Persistence | Survive reboots |
| Privilege Escalation | Get admin/root |
| Defense Evasion | Avoid detection |
| Credential Access | Harvest credentials |
| Discovery | Map internal network |
| Lateral Movement | Spread to other systems |
| Collection | Gather target data |
| C2 | Maintain command channel |
| Exfiltration | Extract data |
---
## 2. Reconnaissance Principles
### Passive vs Active
| Type | Trade-off |
|------|-----------|
| Passive | No target contact, limited info |
| Active | Direct contact, more detection risk |
### Information Targets
| Category | Value |
|----------|-------|
| Technology stack | Attack vector selection |
| Employee info | Social engineering |
| Network ranges | Scanning scope |
| Third parties | Supply chain attack |
---
## 3. Initial Access Vectors
### Selection Criteria
| Vector | When to Use |
|--------|-------------|
| Phishing | Human target, email access |
| Public exploits | Vulnerable services exposed |
| Valid credentials | Leaked or cracked |
| Supply chain | Third-party access |
---
## 4. Privilege Escalation Principles
### Windows Targets
| Check | Opportunity |
|-------|-------------|
| Unquoted service paths | Write to path |
| Weak service permissions | Modify service |
| Token privileges | Abuse SeDebug, etc. |
| Stored credentials | Harvest |
### Linux Targets
| Check | Opportunity |
|-------|-------------|
| SUID binaries | Execute as owner |
| Sudo misconfiguration | Command execution |
| Kernel vulnerabilities | Kernel exploits |
| Cron jobs | Writable scripts |
---
## 5. Defense Evasion Principles
### Key Techniques
| Technique | Purpose |
|-----------|---------|
| LOLBins | Use legitimate tools |
| Obfuscation | Hide malicious code |
| Timestomping | Hide file modifications |
| Log clearing | Remove evidence |
### Operational Security
---
## 6. Lateral Movement Principles
### Credential Types
| Type | Use |
|------|-----|
| Password | Standard auth |
| Hash | Pass-the-hash |
| Ticket | Pass-the-ticket |
| Certificate | Certificate auth |
### Movement Paths
---
## 7. Active Directory Attacks
### Attack Categories
| Attack | Target |
|--------|--------|
| Kerberoasting | Service account passwords |
| AS-REP Roasting | Accounts without pre-auth |
| DCSync | Domain credentials |
| Golden Ticket | Persistent domain access |
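As an added, defender-side example that is not part of the original cheat sheet: detection logic for the Kerberoasting row above, run over constructed Windows Security event 4769 lines. It flags an account that requests RC4 (0x17) service tickets for several distinct non-machine SPNs within a short window; the 4769 field names are real, while the flattened log format, the window and the threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample lines (not real logs): one flattened Security event 4769 per line.
SAMPLE_4769 = """\
2024-05-01T09:00:01 EventID=4769 TargetUserName=alice@CORP.LOCAL ServiceName=krbtgt TicketEncryptionType=0x12 IpAddress=10.0.0.21
2024-05-01T09:00:05 EventID=4769 TargetUserName=alice@CORP.LOCAL ServiceName=FS01$ TicketEncryptionType=0x12 IpAddress=10.0.0.21
2024-05-01T09:01:10 EventID=4769 TargetUserName=bob@CORP.LOCAL ServiceName=svc_sql TicketEncryptionType=0x17 IpAddress=10.0.0.55
2024-05-01T09:01:11 EventID=4769 TargetUserName=bob@CORP.LOCAL ServiceName=svc_web TicketEncryptionType=0x17 IpAddress=10.0.0.55
2024-05-01T09:01:12 EventID=4769 TargetUserName=bob@CORP.LOCAL ServiceName=svc_backup TicketEncryptionType=0x17 IpAddress=10.0.0.55
2024-05-01T09:01:13 EventID=4769 TargetUserName=bob@CORP.LOCAL ServiceName=svc_sccm TicketEncryptionType=0x17 IpAddress=10.0.0.55
2024-05-01T09:30:00 EventID=4769 TargetUserName=carol@CORP.LOCAL ServiceName=svc_legacy TicketEncryptionType=0x17 IpAddress=10.0.0.77
"""
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_4769(text):
    """Parse 'timestamp key=value ...' lines into dicts, keeping only event 4769."""
    events = []
    for line in text.splitlines():
        ts, rest = line.split(" ", 1)
        fields = dict(FIELD_RE.findall(rest))
        if fields.get("EventID") != "4769":
            continue
        fields["ts"] = datetime.fromisoformat(ts)
        events.append(fields)
    return events

def suspicious_tgs(ev):  # RC4 (0x17) ticket for a user-account SPN, not a machine account or krbtgt
    return (ev["TicketEncryptionType"].lower() == "0x17"
            and not ev["ServiceName"].endswith("$")
            and ev["ServiceName"].lower() != "krbtgt")

def detect_kerberoasting(events, window=timedelta(minutes=5), threshold=3):
    """Alert per account that requests >= threshold distinct suspicious SPNs inside `window`."""
    by_user = defaultdict(list)
    for ev in events:
        if suspicious_tgs(ev):
            by_user[ev["TargetUserName"]].append(ev)
    alerts = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:  # slide the window forward
                start += 1
            spns = {e["ServiceName"] for e in evs[start:end + 1]}
            if len(spns) >= threshold:  # carol's single legacy RC4 SPN stays below it
                alerts[user] = sorted(spns)
    return alerts
```

The threshold keeps a lone legacy RC4-only service from alerting on its own; such SPNs are better fixed by moving the account to AES and a long managed password.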
---
## 8. Reporting Principles
### Attack Narrative
Document the full attack chain:
### Detection Gaps
For each successful technique:
---
## 9. Ethical Boundaries
### Always
### Never
---
## 10. Anti-Patterns
| ❌ Don't | ✅ Do |
|----------|-------|
| Rush to exploitation | Follow methodology |
| Cause damage | Minimize impact |
| Skip reporting | Document everything |
| Ignore scope | Stay within boundaries |
---
> Remember: Red team simulates attackers to improve defenses, not to cause harm.