Hello world and welcome to Haxez. In this post I’m going through the first room in the Red Team learning path on TryHackMe. The first room doesn’t require a lot of technical skills. It is mostly just reading and getting to grips with the terminology of what a Red Team is.
Task 1 – Red Team Introduction
The first task in the series doesn’t require you to answer any questions. It is just an introduction into the path and talks about some very basic principles of Red Team engagements. It explains that they are better than standard Penetration Tests and Vulnerability Assessments. The lab ends with just having to acknowledge that you have read the material.

Task 2 – Vulnerability Assessment and Penetration Tests Limitations
The second task further elaborates on the differences between Penetration Tests, Vulnerability Assessments, and Red Team engagements. It goes on to talk about the constraints of Penetration Tests and Vulnerability Assessments: how things like time, budget, scope, disruption, and the heavy focus on technology limit the effectiveness of those tests.

Question: Would vulnerability assessments prepare us to detect a real attacker on our networks? (Yay/Nay)
Answer: Nay
Question: During a penetration test, are you concerned about being detected by the client? (Yay/Nay)
Answer: Nay
Question: Highly organized groups of skilled attackers are nowadays referred to as …
Answer: Advanced Persistent Threats
Task 3 – Red Team Engagements
Task 3 goes on to talk about the engagements themselves and how they borrowed the name from the military. It introduces the terms Tactics, Techniques, and Procedures, or TTPs for short, and explains how the goal of an engagement is to capture the Crown Jewels or flags. It also explains how Red Team engagements cover more than just vulnerability scanning. They cover the technical infrastructure, social engineering, and physical intrusion, such as turning up and trying to bypass on-site security. However, it doesn’t end there. The author also talks about the different types of exercises, such as full engagement, assumed breach, and tabletop exercises.

Question: The goals of a red team engagement will often be referred to as flags or…
Answer: crown jewels
Question: During a red team engagement, common methods used by attackers are emulated against the target. Such methods are usually called TTP. What does TTP stand for?
Answer: Tactics, techniques, and procedures
Question: The main objective of a red team engagement is to detect as many vulnerabilities in as many hosts as possible (Yay/Nay)
Answer: Nay
Task 4 – Teams and Functions of an Engagement
The next task focuses on the structure of the different teams and the functions of the engagement. In reality, I believe that the desired structure of the team is seldom implemented. For example, it is more than likely that the team will consist of a Red Cell Lead and a Red Cell Operator. It would be desirable to have a Red Cell Assistant Lead but that often isn’t the case. As can be seen from the image below, the author explains that there are three teams: the Red Team, the Blue Team, and the White Team. The Red Team is attacking, the Blue Team is defending (often without the knowledge of the attack), and the White Team is playing middleman.

Question: What cell is responsible for the offensive operations of an engagement?
Answer: Red Cell
Question: What cell is the trusted agent considered part of?
Answer: White Cell
Task 5 – Engagement Structure
The objective of task 5 is to educate the reader on the Cyber Kill Chain. As can be seen from the image below, the kill chain is made up of 7 different stages: recon, weaponization, delivery, exploitation, installation, command & control, and actions on objectives. The task explains each of these stages and what their purpose is.

Question: If an adversary deployed Mimikatz on a target machine, where would they be placed in the Lockheed Martin cyber kill chain?
Answer: Installation
Question: What technique’s purpose is to exploit the target’s system to execute code?
Answer: Exploitation
Task 6 – Overview of a Red Team Engagement
Until now the tasks haven’t been very hands-on. However, this task asks you to assume the role of an attacker and walk through the different stages of an engagement. Furthermore, it has an interactive web application with great graphics that explains each step in detail. This is a really fun exercise, especially for those trying to build their technical skills.

Question: Click the “View Site” button and follow the example engagement to get the flag
Answer: THM{RED_TEAM_ROCKS}
Task 7 – Conclusion
Surely the room is harder than that? Nope, that’s it. Once you have read through all that material and submitted your answers, you’re done. You may also be lucky enough to win some tickets for the competition, which could allow you to net some swag.
