BHIS | OPSEC Fundamentals for Remote Red Teams - Michael Allen - 1-Hour



0:00:00 - PreShow Banter™ — It’s Not Delivery, It’s Frozen
0:09:36 - PreShow Banter™ — One Rural to Rule Them All
0:11:51 - PreShow Banter™ — Proudly Sucking at Charity
0:13:08 - PreShow Banter™ — SPECIAL GUEST: Rural Tech Fund
0:20:39 - PreShow Banter™ — Meth Lab For Computers
0:25:41 - FEATURE PRESENTATION: OPSEC Fundamentals for Remote Red Teams
0:27:00 - WHOAMI
0:30:42 - Why OPSEC is Important For Red Teams
0:34:01 - Possible Countermeasures
0:36:37 - Other Red Team Threats
0:38:06 - Assessing Red Team Actions
0:39:26 - Building OPSEC Standard Procedures
0:40:42 - Local Workstation Setup
0:45:01 - OS Modifications
0:49:44 - TOOL Configurations
0:56:35 - Source IP Addresses
1:01:36 - Fail-Safe VPN
1:02:57 - Other Third-Party Services
1:10:05 - Network Services
1:15:19 - Testing New Tools
1:21:42 - Got Questions
1:27:03 - PostShow Banter™ — Access Granted

Description: During remote red team exercises, it can be difficult to keep from leaking information to the target organization's security team. Every interaction with the target's website, every email sent, and every network service probed leaves some trace that the red team was there.

Mature blue teams can correlate those pieces of information to identify red team actions and infrastructure, and use that information to either block the red team outright or execute deception operations to frustrate further attacks.

In this Black Hills Information Security (BHIS) webcast, Michael discusses common sources of data leakage during remote red team exercises and steps red teamers can take to eliminate or disguise the leakage outright, or to compartmentalize their actions and keep the blue team from connecting the dots.

He also discusses how red teamers can see the attack from the defender's point of view so that these concepts can be applied to new tools and technologies in the future.

Comments

I on the other hand love watching and hearing the pre-show banter, great stuff as always from everyone at BHIS

MrRandomg

Fantastic video, lots of great info covered.

oliver

Great content. You are awesome guys..
Okay so on a lighter side, a situation when an attacker is attacked.
Red team basically known for attacking and offensive security is really scared of Blue team.

arzoo_singh

7:03 watching videos at 2x speed is so relatable ^^ ps: I also like turtles!

userou-igze

Why does the blue team have to play by the rules? They should be using some of the red team techniques.. How often do you see the system say Apache when it's a Windows IIS or vice versa..?

Telancer

Is that a Bear Grylls photo on the left?

Roger

What type of rules do you have to abide by? I feel like someone could easily social engineer any company out there... if they were good at it. regardless cool stuff... man that's gotta be some fun times :-p and no sleep probably lol

Telancer