Starting in Red Team


This is a path I would like to talk about, since I worked on my own to get to where I finally am: a Jr Red Team Operator. Now, we all ask ourselves this question when we start: “Where do I start?” Well, this used to be a difficult question to answer, as even I had some problems; all I wanted to do was hack, I did not care what it was, I just wanted to get started. Once I did, you start finding the love and interest in the categories of hacking that you would like to focus on.

Yeah, you can be a “Jack of all trades, master of none”. I mean, here in hacking that is usually something hard to do, since in the working world they want you to be good at something specific: it could be programming, Initial Access, Lateral Movement, Privilege Escalation, yada yada. But here, you need to do what you like most or, believe me, you will be miserable; it is just a fact. I am no expert or anything, as there is so much that gets my attention: it could be Initial Access (do see how I specify Red Team only, but I might jump to other stuff), Enumeration, Lateral Movement, Privilege Escalation, Exploitation, Malware Development, Bypasses, and so on and so on. I can honestly keep going, since the list of stuff you can learn with hacking is immense.

You thought it was only computers!! Nah, you got some jokes there if you think that way. You can hack refrigerators, microwaves, toasters, cell phones; damn, anything with a radio signal or Internet is accessible to you.

But let me show you the path I took to reach here. You will notice this is more of a rough draft of some poorly written steps, since I always moved around until I found my pace, but let me get started.

Vulnhub

Ahh, the holy grail, the Garden of Eden. Usually the first place we beginners stumble upon when we type “How to Hack”. This incredible website, developed by the famous g0tm1lk, hosts various vulnerable machines that you can download and fire up to start hacking in the safety of your personal home environment. I can’t talk a lot on this, since it’s better if you see it for yourselves.

Hack The Box

Yes, yes, hackthebox, the best alternative once you start running out of storage on your personal PC and just want to start hacking. This incredible site hosts a ton of vulnerable machines that go from Easy to Insane levels of difficulty. It was a great experience, and since then (it has been almost 2 years since I joined) other great things have been added that helped my focus on Red Team, such as the ProLabs, the best place to continue practicing. And don’t forget ippsec’s videos, since they are great and ridiculously easy to follow. The amazing thing is that he explains the attacks as well; he does not just throw you into “ok, run this command and you got in”.

https://app.hackthebox.eu/login

TryHackMe

Another incredible site for hosting vulnerable machines. One of the key differences between tryhackme and hackthebox is that you are GUIDED throughout the machine; there are steps to follow to reach your goal. So, this is a great alternative to hackthebox, since you will fire up a machine, have a guide to follow, and learn while doing. I think this is a great way to approach newcomers, learning by doing. They also have a great offensive path to follow that will get you closer to red team or offensive security. You should also check the other paths that are available and the pro labs, since they are immensely useful and a very great place to start learning Active Directory.

OSCP

Ok, ok, this is not a lab or a place to learn, but this is the first course I took when trying to jump into the cybersecurity workspace. When new to this, your eyes sparkle at the fact that this exam is hands-on, nothing about multiple-choice tests: you get 5 machines, hack them! And gain your certificate. An incredible way to demonstrate not only that you understand cybersecurity but that you can also implement it in the real world.

MITRE ATT&CK

Oh boy, oh boy, was this one enlightening. This place was the best thing I have ever reached out to when trying to step my game up into Red Teaming. It was incredible, but damn was it difficult. The thing about ATT&CK is, this place is not much of a learning ground or course. It is a framework that explains the TTPs (Tactics, Techniques and Procedures) that APTs (Advanced Persistent Threats) use when trying to compromise a network. This place IS THE PLACE we all need to look at when working into Red Team; forget everything and jump on this (well, maybe don’t forget). For me to understand these techniques and learn the tactics, tools or anything related to Red Team (shameless plug), I wrote a gitbook that helped me grasp the information on the techniques. But fair warning: I mostly wrote it focusing only on the Windows side of things. Linux is cool, but you hardly see it, and Mac is pricey, so I didn’t want to research it at all back then; maybe now would be good.

https://attack.mitre.org/

Plug

https://dmcxblue.gitbook.io/red-team-notes-2-0/

RTO by ZeroPointSecurity

Aaah, this course, so many things about this, I do not know, I just do not know. Let me start with some simple words: amazing it is, amazing. Elegant yet simple, it has a finesse that I have not encountered in some other courses. This course WILL have you thinking and doing a ton of Red Team; it follows the MITRE framework in a simple yet sophisticated way. We go through Initial Access and end with Exfiltration; you will start from 0 to creating your phishing payload, to moving to Domain Admin and exfiltrating data. I have nothing but good things to say about this course, and the best part? You get access to updates forever, para siempre, per sempre. Yes sir, you heard that right: attacks are getting more sophisticated and we are always presented with new techniques, and this course keeps up to date in its knowledge and its labs. I highly recommend this. This was my first Red Team related course. Do take this, yes, go, now.

https://www.zeropointsecurity.co.uk/red-team-ops

Pentester Academy Red Team Labs

And finally, Pentester Academy. I had approached these labs in the past, but the other modules, not the Red Team section; this was new when I discovered it some time back. It is really focused on Active Directory attacks, which Red Team is heavily concentrated on. The course was great, very useful and a great way to jump into Active Directory techniques. I tried this once and I failed. Yep, that was almost more than a year ago, and I will probably jump back to it later in the future.

https://www.pentesteracademy.com/redlabs

So, as you can see, this is the path I took to get my foot in the door. I always try to keep my blog updated, my GitHub, anything I could to stay active with the community, since it’s great to have friends with whom you can talk and throw ideas around when trying to work on Red Team stuff. It doesn’t have to be Red Team, it can be other things. I do thank all the people I met when trying to reach my goal; some taught me Reverse Engineering, Exploits, Web Apps, Scripting and many other things.

I will always Thank You.


Great!

I would say that I’ve heard the RTO being mentioned as the CRTO (but whatever). For red teaming, make sure you know how to MAP TTPs to the MITRE ATT&CK framework and put them in your report. That’s the biggest thing companies are looking for, besides an OSCP. If there’s anything else job-related that you can think of that a red team operator needs, off the top of your head, sharing the information would be appreciated :)


Thank you for the contribution!

A few questions that might be good for a follow up blog:

  • In your day-to-day role, what do you most often do?

  • While red teaming, how much time do you spend analyzing ATT&CK to plan out the exercise?

  • Do you research any APTs and mimic their TTPs for these exercises?

  • Should the average reader new to infosec try to become a Junior Red Team Operator?

  • What is the fastest pwn you have gotten? Whether in a lab environment or in the field.


Hi!! No worries, I can answer them now.

1.- Stay up to date. Mostly research all day; I need to understand what is going on and see how I can implement it in exercises.
2.- Not much; the Adversary Emulation has already been done in-house at the client we are targeting. What is mostly done is Assume Breach.
3.- I do; the techniques that are used in the wild can be very helpful, as you get an understanding of what is working.
4.- OK, so this one is hard to answer since I got lucky. The recommended answer is No, do not try, since for Red Teaming you should already be familiar with the tools, techniques and procedures that are being used. You can try, don’t let me stop you, but you should have a solid understanding of penetration testing. I had a few interviews where I was asked about very advanced techniques, situational awareness, OPSEC considerations and such. If you do go, I wish you the best of luck.
5.- Initial Access; an SPN account that is Domain Admin; password cracked in 16 seconds. BOOM.

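The quick win in answer 5 above (a user account with a Service Principal Name that is also a Domain Admin, its Kerberos service ticket cracked offline in seconds) is a misconfiguration that a red teamer hunts for and a blue team can check for before they do. The following is an added example for this thread, not code from the original posts or from dmcxblue: a PowerShell query using the RSAT ActiveDirectory module that lists user accounts carrying an SPN (so a TGS for them can be requested and cracked) which are members of Domain Admins, directly or through nested groups. The module being installed, rights to read the directory, and the default group name 'Domain Admins' are assumptions.

```powershell
# Added example: find Kerberoastable user accounts that are also Domain Admins.
# Assumes the RSAT ActiveDirectory module and read access to the domain (assumption).
Import-Module ActiveDirectory

# Resolve Domain Admins membership recursively so accounts that are DA only via a
# nested group are caught too. Computer accounts are ignored: every machine account has
# SPNs, but its password is random and 120 characters long, so it is not a cracking target.
$daMembers = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Select-Object -ExpandProperty DistinguishedName

# Every user object with at least one SPN is Kerberoastable. krbtgt always has an SPN
# (kadmin/changepw) but is not a realistic target, so it is excluded.
$roastable = Get-ADUser -Filter 'ServicePrincipalName -like "*"' `
    -Properties ServicePrincipalName, PasswordLastSet, 'msDS-SupportedEncryptionTypes' |
    Where-Object { $_.SamAccountName -ne 'krbtgt' }

# Report the intersection. An old PasswordLastSet and a null/0 encryption-type attribute
# (no AES-only restriction, so RC4 tickets can be issued) are what makes the "16 seconds"
# crack possible; the fix is a gMSA or a long random password plus AES-only encryption types.
$roastable |
    Where-Object { $daMembers -contains $_.DistinguishedName } |
    Select-Object SamAccountName, Enabled, PasswordLastSet,
        @{ Name = 'EncTypes'; Expression = { $_.'msDS-SupportedEncryptionTypes' } },
        @{ Name = 'SPNs';     Expression = { $_.ServicePrincipalName -join ';' } } |
    Format-Table -AutoSize
```

Run this from a domain-joined host as any domain user; reading SPNs and group membership needs no privilege, which is exactly why the attacker side of this is so cheap. Any row in the output is the scenario in answer 5 waiting to happen.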

Ah, awesome questions @Sea and excellent answers @dmcxblue! I really enjoy this topic.
