Red Team Part 1 – Red Team Fundamentals | TryHackMe

Hello world and welcome to Haxez. In this post I’m going to go through the first room in the Red Team learning path on TryHackMe. The first room doesn’t require a lot of technical skill. It is mostly just reading and getting to grips with the terminology of what a Red Team is.

Task 1 – Red Team Introduction

The first task in the series doesn’t require you to answer any questions. It is just an introduction to the path and talks about some very basic principles of Red Team engagements. It explains that they are better than standard Penetration Tests and Vulnerability Assessments. The task ends with you simply acknowledging that you have read the material.

Task 1 – Red Team Fundamentals

Task 2 – Vulnerability Assessment and Penetration Tests Limitations

The second task further elaborates on the differences between Penetration Tests, Vulnerability Assessments, and Red Team engagements. It then goes on to talk about the constraints of Penetration Tests and Vulnerability Assessments, and how things like time, budget, scope, disruption, and the heavy focus on technology limit the effectiveness of those tests.

Task 2 – Vulnerability Assessment and Penetration Tests Limitations

Question: Would vulnerability assessments prepare us to detect a real attacker on our networks? (Yay/Nay)

Answer: Nay

Question: During a penetration test, are you concerned about being detected by the client? (Yay/Nay)

Answer: Nay

Question: Highly organized groups of skilled attackers are nowadays referred to as …

Answer: Advanced Persistent Threats

Task 3 – Red Team Engagements

Task 3 goes on to talk about the engagements themselves and how they borrowed the name from the military. It introduces the terms Tactics, Techniques, and Procedures, or TTPs for short, and explains that the goal of an engagement is to capture the Crown Jewels or flags. It also explains how Red Team engagements cover more than just vulnerability scanning: they cover the technical infrastructure, social engineering, and physical intrusion such as turning up and trying to bypass on-site security. However, it doesn’t end there. The author also talks about the different types of exercises, such as full engagement, assumed breach, and tabletop exercises.

Task 3 - Red Team Engagements

Question: The goals of a red team engagement will often be referred to as flags or…

Answer: crown jewels

Question: During a red team engagement, common methods used by attackers are emulated against the target. Such methods are usually called TTP. What does TTP stand for?

Answer: Tactics, techniques, and procedures

Question: The main objective of a red team engagement is to detect as many vulnerabilities in as many hosts as possible (Yay/Nay)

Answer: Nay

Task 4 – Teams and Functions of an Engagement

The next task focuses on the structure of the different teams and the functions of the engagement. In reality, I believe that the desired structure of the team is seldom implemented. For example, it is more than likely that the team will consist of a Red Cell Lead and a Red Cell Operator. It would be desirable to have a Red Cell Assistant Lead, but that often isn’t the case. As can be seen from the image below, the author explains that there are three teams: the Red Team, the Blue Team, and the White Team. The Red Team is attacking, the Blue Team is defending (often without the knowledge of the attack), and the White Team is playing middle man.

Task 4 - Teams and Functions of an Engagement

Question: What cell is responsible for the offensive operations of an engagement?

Answer: Red Cell

Question: What cell is the trusted agent considered part of?

Answer: White Cell

Task 5 – Engagement Structure

The objectives of task 5 are to educate the reader on the Cyber Kill Chain. As can be seen from the image below, the kill chain is made up of 7 different stages. Namely, recon, weaponization, delivery, exploitation, installation, command & control, and actions on objectives. Furthermore, it explains each of these stages and what their purpose is.

Task 5 - Engagement Structure

Question: If an adversary deployed Mimikatz on a target machine, where would they be placed in the Lockheed Martin cyber kill chain?

Answer: Installation

Question: What technique’s purpose is to exploit the target’s system to execute code?

Answer: Exploitation

Task 6 – Overview of a Red Team Engagement

Until now the tasks haven’t been very hands-on. However, this task asks you to assume the role of an attacker and walk through the different stages of an engagement. Furthermore, it has an interactive web application with great graphics that explains each step in detail. This is a really fun exercise, especially for those trying to build their technical skills.

Task 6 - Overview of a Red Team Engagement

Question: Click the “View Site” button and follow the example engagement to get the flag

Answer: THM{RED_TEAM_ROCKS}

Task 7 – Conclusion

Surely the room is harder than that? Nope, that’s it. Once you have read through all that material and submitted your answers, you’re done. You may also be lucky enough to win some tickets for the competition, which could allow you to net some swag.

Task 7 - Conclusion