{"id":5647,"date":"2021-03-14T13:21:48","date_gmt":"2021-03-14T12:21:48","guid":{"rendered":"https:\/\/nethemba.com\/?p=5647"},"modified":"2021-04-07T03:25:08","modified_gmt":"2021-04-07T01:25:08","slug":"red-teaming-odolate-profesionalnimu-utoku","status":"publish","type":"post","link":"https:\/\/nethemba.com\/cs\/red-teaming-odolate-profesionalnimu-utoku\/","title":{"rendered":"Red Teaming – Odol\u00e1te profesion\u00e1ln\u00edmu \u00fatoku?"},"content":{"rendered":"

1 Co je Red Teaming?<\/span><\/h1>\n

V n\u00e1sleduj\u00edc\u00edm \u010dl\u00e1nku si vysv\u011btl\u00edme, co p\u0159esn\u011b znamen\u00e1 „Red Teaming“, v \u010dem se li\u0161\u00ed od tradi\u010dn\u00edch penetra\u010dn\u00edch test\u016f, v \u010dem je p\u0159\u00edstup „Red Teaming“ unik\u00e1tn\u00ed a pro\u010d nejl\u00e9pe simuluje re\u00e1ln\u00fd koordinovan\u00fd \u00fatok.<\/span><\/p>\n

V Nethemba jsme „Red Teaming“ vykon\u00e1vali mnoho let p\u0159edt\u00edm ne\u017e se v technick\u00e9 ve\u0159ejnosti tento term\u00edn ujal – jde o kombinaci information Gathering (OSINT), blackbox penetra\u010dn\u00edch test\u016f s c\u00edlem minimalizovat jejich detekci ze strany z\u00e1kazn\u00edka a soci\u00e1ln\u00edho in\u017een\u00fdrstv\u00ed jak ve form\u011b sofistikovan\u00e9ho spear phishingu,\u00a0 tak fyzick\u00e9 infiltrace.<\/span><\/p>\n

Red Team p\u0159edstavuje profesion\u00e1ln\u00ed t\u00fdm hacker\u016f<\/b>, soci\u00e1ln\u00edch in\u017een\u00fdr\u016f a „intelligence“ expert\u016f, kte\u0159\u00ed dok\u00e1\u017e\u00ed z\u00edsk\u00e1vat, analyzovat a n\u00e1sledn\u011b vyu\u017e\u00edvat mno\u017estv\u00ed d\u016fle\u017eit\u00fdch informac\u00ed pot\u0159ebn\u00fdch na samotnou infiltraci.<\/span><\/p>\n

Blue Team p\u0159edstavuje profesion\u00e1ln\u00ed t\u00fdm ochr\u00e1nc\u016f<\/b>, obvykle syst\u00e9mov\u00e9 administr\u00e1tory z\u00e1kazn\u00edka, jejich\u017e c\u00edlem je detekovat \u00fatoky „Red Teamu“ a co nejv\u00edce je eliminovat.<\/span><\/p>\n

White Team p\u0159edstavuje \u00fazkou skupinu koordin\u00e1tor\u016f jednotliv\u00fdch t\u00fdm\u016f (objednatel)<\/b>, jako jedin\u00ed jsou informov\u00e1ni o \u00fatoku Red Teamu.<\/span><\/p>\n

Red Teaming je sofistikovan\u00fd, koordinovan\u00fd \u00fatok, kter\u00fd simuluje re\u00e1ln\u00fd hackersk\u00fd \u00fatok<\/b>, s c\u00edlem vyhnout se detekci (ze strany tzv. „Blue Teamu“).\u00a0 Za norm\u00e1ln\u00edch okolnost\u00ed IT odd\u011blen\u00ed z\u00e1kazn\u00edka (s v\u00fdjimkou zadavatele) nen\u00ed o \u00fatoku informov\u00e1no.\u00a0 Samotn\u00fd Red Team obvykle tak\u00e9 nedisponuje \u017e\u00e1dn\u00fdmi informacemi o c\u00edlov\u00e9 infrastruktu\u0159e, syst\u00e9mech \u010di zam\u011bstnanc\u00edch dan\u00e9 organizace.\u00a0 Z tohoto hlediska jde o tzv.\u00a0 „Blackbox test“.\u00a0 Jedin\u00e1 informace, kterou z\u00e1kazn\u00edk schvaluje, je seznam odhalen\u00fdch potenci\u00e1ln\u00edch c\u00edl\u016f, kter\u00e9 Red Team n\u00e1sledn\u011b vyu\u017eije k \u00fatoku (jinak by toti\u017e mohlo doj\u00edt k neleg\u00e1ln\u00edm \u00fatok\u016fm na infrastrukturu, kterou z\u00e1kazn\u00edk nevlastn\u00ed) a seznam zak\u00e1zan\u00fdch metod nebo praktik, kter\u00e9 Red Team nem\u016f\u017ee pou\u017e\u00edt (nap\u0159\u00edklad\u00a0 DoS \u00fatoky, vyd\u00edr\u00e1n\u00ed \/ vyhro\u017eov\u00e1n\u00ed v p\u0159\u00edpad\u011b soci\u00e1ln\u00edho in\u017een\u00fdrstv\u00ed apod).<\/span><\/p>\n

Red Teaming p\u0159esto, \u017ee nejde do \u0161\u00ed\u0159ky, s c\u00edlem identifikovat v\u0161echny mo\u017en\u00e9 zranitelnosti, tak vyu\u017e\u00edv\u00e1 n\u011bkolik vektor\u016f \u00fatok\u016f nad r\u00e1mec b\u011b\u017en\u00fdch penetra\u010dn\u00edch test\u016f (nap\u0159\u00edklad soci\u00e1ln\u00ed in\u017een\u00fdrstv\u00ed).<\/b><\/p>\n

Jeho c\u00edlem je dosa\u017een\u00ed „vlajky“ ( „flag“) jako nap\u0159\u00edklad z\u00edsk\u00e1n\u00ed lok\u00e1ln\u00edho dom\u00e9nov\u00e9ho administr\u00e1tora nebo kompromitace hrani\u010dn\u00edho sm\u011brova\u010de.\u00a0 A toto je mo\u017en\u00e9 doc\u00edlit jak\u00fdmkoliv zp\u016fsobem – od technick\u00e9ho pr\u016fniku na samotn\u00e9 syst\u00e9my a\u017e po psychologickou manipulaci hlavn\u00edho administr\u00e1tora ve firm\u011b.<\/span><\/p>\n

C\u00edlem Red Teaming je otestovat spole\u010dnost na komplexn\u00ed hybridn\u00ed \u00fatok<\/b>, p\u0159i kter\u00e9m jsou vyu\u017eity v\u0161echny mo\u017en\u00e9 dostupn\u00e9 zp\u016fsoby k dosa\u017een\u00ed tohoto c\u00edle.<\/span><\/p>\n

Vztah mezi Red t\u00fdmem a Blue t\u00fdmem je asymetrick\u00fd a to na dvou \u00farovn\u00edch<\/b> – Red Teamu sta\u010d\u00ed naj\u00edt jen jednu zranitelnost, aby se dok\u00e1zal p\u0159i sv\u00e9m \u00fatoku posunout dop\u0159edu.\u00a0 Blue Team oproti tomu mus\u00ed m\u00edt opraven\u00e9 (a neust\u00e1le opravovat) v\u0161echny mo\u017en\u00e9 zneu\u017eiteln\u00e9 zranitelnosti.\u00a0 Sou\u010dasn\u011b Red Teamu sta\u010d\u00ed ud\u011blat jednu chybu, aby ho Blue Team dok\u00e1zal odhalit (a nap\u0159\u00edklad zcela zablokovat) a Red Team mus\u00ed za\u010d\u00edt znovu.<\/span><\/p>\n

2 Pr\u016fb\u011bh Red Teamingu<\/span><\/h1>\n

2.1 Z\u00edsk\u00e1v\u00e1n\u00ed informac\u00ed (Information Gathering)<\/span><\/h2>\n

Jde o pasivn\u00ed, \u00favodn\u00ed f\u00e1zi Red Teaming.\u00a0 C\u00edlem t\u00e9to f\u00e1ze je z ve\u0159ejn\u011b dostupn\u00fdch zdroj\u016f (datab\u00e1z\u00ed, registr\u016f, vyhled\u00e1va\u010d\u016f, soci\u00e1ln\u00edch s\u00edt\u00ed) z\u00edskat co nejv\u00edce informac\u00ed, kter\u00e9 mohou b\u00fdt vyu\u017eity p\u0159i dal\u0161\u00edm pr\u016fniku.\u00a0 Jde zejm\u00e9na o:<\/span><\/p>\n