\u201cRed Teaming\u201d p\u0159edstavuje kombinaci information Gathering (OSINT), blackbox penetra\u010dn\u00edch test\u016f s c\u00edlem minimalizovat jejich detekci ze strany z\u00e1kazn\u00edka a soci\u00e1ln\u00edho in\u017een\u00fdrstv\u00ed jak ve form\u011b sofistikovan\u00e9ho spear phishingu,\u00a0 tak fyzick\u00e9 infiltrace.<\/p>\n
Red Team p\u0159edstavuje profesion\u00e1ln\u00ed t\u00fdm hacker\u016f<\/b>, soci\u00e1ln\u00edch in\u017een\u00fdr\u016f a \u201cintelligence\u201d expert\u016f, kte\u0159\u00ed dok\u00e1\u017e\u00ed z\u00edsk\u00e1vat, analyzovat a n\u00e1sledn\u011b vyu\u017e\u00edvat mno\u017estv\u00ed d\u016fle\u017eit\u00fdch informac\u00ed pot\u0159ebn\u00fdch na samotnou infiltraci.<\/p>\n
Red Teaming je sofistikovan\u00fd, koordinovan\u00fd \u00fatok, kter\u00fd simuluje re\u00e1ln\u00fd hackersk\u00fd \u00fatok<\/b>, s c\u00edlem vyhnout se detekci (ze strany tzv. \u201cBlue Teamu\u201d).\u00a0 Za norm\u00e1ln\u00edch okolnost\u00ed IT odd\u011blen\u00ed z\u00e1kazn\u00edka (s v\u00fdjimkou zadavatele) nen\u00ed o \u00fatoku informov\u00e1no.\u00a0 Samotn\u00fd Red Team obvykle tak\u00e9 nedisponuje \u017e\u00e1dn\u00fdmi informacemi o c\u00edlov\u00e9 infrastruktu\u0159e, syst\u00e9mech \u010di zam\u011bstnanc\u00edch dan\u00e9 organizace.\u00a0 Z tohoto hlediska jde o tzv.\u00a0 \u201cBlackbox test\u201d.\u00a0 Jedin\u00e1 informace, kterou z\u00e1kazn\u00edk schvaluje, je seznam odhalen\u00fdch potenci\u00e1ln\u00edch c\u00edl\u016f, kter\u00e9 Red Team n\u00e1sledn\u011b vyu\u017eije k \u00fatoku (jinak by toti\u017e mohlo doj\u00edt k neleg\u00e1ln\u00edm \u00fatok\u016fm na infrastrukturu, kterou z\u00e1kazn\u00edk nevlastn\u00ed) a seznam zak\u00e1zan\u00fdch metod nebo praktik, kter\u00e9 Red Team nem\u016f\u017ee pou\u017e\u00edt (nap\u0159\u00edklad\u00a0 DoS \u00fatoky, vyd\u00edr\u00e1n\u00ed \/ vyhro\u017eov\u00e1n\u00ed v p\u0159\u00edpad\u011b soci\u00e1ln\u00edho in\u017een\u00fdrstv\u00ed apod).<\/p>\n
Red Teaming p\u0159esto, \u017ee nejde do \u0161\u00ed\u0159ky, s c\u00edlem identifikovat v\u0161echny mo\u017en\u00e9 zranitelnosti, tak vyu\u017e\u00edv\u00e1 n\u011bkolik vektor\u016f \u00fatok\u016f nad r\u00e1mec b\u011b\u017en\u00fdch penetra\u010dn\u00edch test\u016f (nap\u0159\u00edklad soci\u00e1ln\u00ed in\u017een\u00fdrstv\u00ed).<\/b><\/p>\n
Jeho c\u00edlem je dosa\u017een\u00ed \u201cvlajky\u201d ( \u201cflag\u201d) jako nap\u0159\u00edklad z\u00edsk\u00e1n\u00ed lok\u00e1ln\u00edho dom\u00e9nov\u00e9ho administr\u00e1tora nebo kompromitace hrani\u010dn\u00edho sm\u011brova\u010de.\u00a0 A toto je mo\u017en\u00e9 doc\u00edlit jak\u00fdmkoliv zp\u016fsobem \u2013 od technick\u00e9ho pr\u016fniku na samotn\u00e9 syst\u00e9my a\u017e po psychologickou manipulaci hlavn\u00edho administr\u00e1tora ve firm\u011b.<\/p>\n
C\u00edlem Red Teaming je otestovat spole\u010dnost na komplexn\u00ed hybridn\u00ed \u00fatok<\/b>, p\u0159i kter\u00e9m jsou vyu\u017eity v\u0161echny mo\u017en\u00e9 dostupn\u00e9 zp\u016fsoby k dosa\u017een\u00ed tohoto c\u00edle.<\/p>\n
Vztah mezi Red t\u00fdmem a Blue t\u00fdmem je asymetrick\u00fd a to na dvou \u00farovn\u00edch<\/b>\u00a0\u2013 Red Teamu sta\u010d\u00ed naj\u00edt jen jednu zranitelnost, aby se dok\u00e1zal p\u0159i sv\u00e9m \u00fatoku posunout dop\u0159edu.\u00a0 Blue Team oproti tomu mus\u00ed m\u00edt opraven\u00e9 (a neust\u00e1le opravovat) v\u0161echny mo\u017en\u00e9 zneu\u017eiteln\u00e9 zranitelnosti.\u00a0 Sou\u010dasn\u011b Red Teamu sta\u010d\u00ed ud\u011blat jednu chybu, aby ho Blue Team dok\u00e1zal odhalit (a nap\u0159\u00edklad zcela zablokovat) a Red Team mus\u00ed za\u010d\u00edt znovu.<\/p>\nPR\u016eB\u011aH RED TEAMINGU<\/h1>\n
Z\u00cdSK\u00c1V\u00c1N\u00cd INFORMAC\u00cd (INFORMATION GATHERING)<\/h2>\n
Jde o pasivn\u00ed, \u00favodn\u00ed f\u00e1zi Red Teaming.\u00a0 C\u00edlem t\u00e9to f\u00e1ze je z ve\u0159ejn\u011b dostupn\u00fdch zdroj\u016f (datab\u00e1z\u00ed, registr\u016f, vyhled\u00e1va\u010d\u016f, soci\u00e1ln\u00edch s\u00edt\u00ed) z\u00edskat co nejv\u00edce informac\u00ed, kter\u00e9 mohou b\u00fdt vyu\u017eity p\u0159i dal\u0161\u00edm pr\u016fniku.\u00a0 Jde zejm\u00e9na o:<\/p>\n
C\u00edlen\u00fd \u00fatok na infrastrukturu i zam\u011bstnance organizace m\u016f\u017ee prob\u00edhat paraleln\u011b.\u00a0 \u010clenov\u00e9 Red Teamu jsou v neust\u00e1l\u00e9m kontaktu, informace navz\u00e1jem si sd\u00edlej\u00ed a vyu\u017e\u00edvaj\u00ed je p\u0159i samotn\u00e9m \u00fatoku.<\/p>\n
Blackbox penetra\u010dn\u00ed test extern\u00ed infrastruktury je mo\u017en\u00e9 prov\u00e9st hned pot\u00e9\u00a0 jak zadavatel (White Team) schv\u00e1l\u00ed seznam odhalen\u00fdch c\u00edl\u016f \u00fatoku (s c\u00edlem znemo\u017enit \u00fatoky na nepovolen\u00e9 adresn\u00ed rozsahy).<\/p>\n
Na rozd\u00edl od b\u011b\u017en\u00e9ho blackbox penetra\u010dn\u00edho testu, tento prob\u00edh\u00e1 v maxim\u00e1ln\u00edm utajen\u00ed (tzv. \u201cStealth re\u017eimu\u201d), bu\u010f z unik\u00e1tn\u00edch VPN nebo Tor uzl\u016f, kter\u00e9 jsou podle pot\u0159eby m\u011bn\u011bny.\u00a0 Standardn\u00edm c\u00edlem je z\u00edskat p\u0159\u00edstup do intern\u00ed s\u00edt\u011b (z\u00edsk\u00e1n\u00ed VPN p\u0159\u00edstup\u016f, kompromitovan\u00fdch server\u016f v DMZ, c\u00edlen\u00e9 \u00fatoky na klienty \u2013 viz n\u00ed\u017ee \u201csoci\u00e1ln\u00ed in\u017een\u00fdrstv\u00ed).<\/p>\n
Soci\u00e1ln\u00ed in\u017een\u00fdrstv\u00ed (ve form\u011b spear phishingu \u010di fyzick\u00e9 infiltrace) m\u00e1 podobn\u011b jako penetra\u010dn\u00ed test vyty\u010den\u00fd konkr\u00e9tn\u00ed c\u00edl ( \u201cflag\u201d) a vyu\u017e\u00edv\u00e1 v\u0161echny metody (kter\u00e9 nejsou explicitn\u011b zak\u00e1z\u00e1ny z\u00e1kazn\u00edkem) k jeho dosa\u017een\u00ed.\u00a0 Tam pat\u0159\u00ed c\u00edlen\u00fd phishing (spear phishing), \u010dastokr\u00e1t se speci\u00e1ln\u011b upraven\u00fdm malwarem, jeho\u017e c\u00edlem je kompromitovat koncov\u00e9ho mailov\u00e9ho klienta nebo prohl\u00ed\u017ee\u010d a z\u00edskat p\u0159\u00edstup do intern\u00ed s\u00edt\u011b.\u00a0 \u010casto se na toto vyu\u017e\u00edvaj\u00ed d\u016fv\u011bryhodn\u011b vypadaj\u00edc\u00ed podvr\u017een\u00e9 internetov\u00e9 dom\u00e9ny, fale\u0161n\u00e9 certifik\u00e1ty atd.<\/p>\n
V p\u0159\u00edpad\u011b, \u017ee \u00fatok na infrastrukturu nebo zam\u011bstnance organizace je \u00fasp\u011b\u0161n\u00fd a Red Team z\u00edsk\u00e1 p\u0159\u00edstupov\u00e9 \u00fadaje do intern\u00edch syst\u00e9m\u016f nebo se mu poda\u0159\u00ed fyzicky dostat do budovy, tak pokra\u010duje v eskalaci opr\u00e1vn\u011bn\u00ed a dal\u0161\u00ed infiltraci.<\/p>\n