Cybersecurity Attacks: Red Team Strategies

Environment and office space

You might wonder why I would put an extra section that talks about the work environment and office space. I have found this to be an extremely crucial aspect of security across the industry, especially among software engineers. Many of us now work in open offices and shared environments.

These days, everyone likes open offices; at least, that is what management is telling us. Rather than diving into what this means for software developers who also deal with sensitive information and intellectual property, let's discuss what this means for security engineers, particularly for security engineers who deal with clear text passwords of systems and other employees, as well as potential information about unpatched vulnerabilities and so forth.

Open office versus closed office space

Personally, I'm not a big supporter of open offices, although for pen testing, an open office does work surprisingly well, with one caveat: ensure that only pen testers are in the neighborhood!

This is mainly for two reasons: first, you want the team to be able to speak and share ideas freely, which might include sharing sensitive information; and second, a lot of pen testing is teamwork, sharing ideas, discussing progress, and chiming in to help others.

Securing the physical environment

Even if your leadership is pushing for, or has already moved to, an open office layout because everyone else is doing so, it is critical to ensure that your team at least has a dedicated physical environment that can be locked down so that only stakeholders with a good business reason can access it.

Feeling safe and being able to freely communicate and share ideas, attacks, and so forth is critical during operations.

Assemble the best teams as needed

If your pen testers all have their own dedicated offices, it might be worth trying out assembled teams. For instance, for the next operation, put together a dedicated task force and have them work from a common space. This can be as simple as finding a separate room that the team works from during an operation. I have had the most fun and success running penetration tests with that approach. It might be worth a try to explore the advantages and drawbacks if you have not done something like that before.

Focusing on the task at hand

During operations, a penetration tester will handle clear text credentials and work with exploits while working towards achieving objectives. The manager must ensure that the team is able to focus and work without interruption during crucial moments. There is nothing more disturbing and possibly dangerous than compromising the domain controller while chatting with someone else about triaging a bug that was filed three months ago.