Popping your 'Red Team' Cherry
So it’s been a long time since I sat down and put fingers to a keyboard, well in a blog post-y way.
Things at my new job have been going very well;
- I passed my probation with flying colours.
- Learning a ton about Fortinet/Palo Alto Firewalls.
- Sat the NSE4 exam but didn’t pass it - every fail is a learning step so never let it get you down!
- Configured an IPSec VPN for a Palo Alto from scratch (IKE, crypto and everything) and it bloody worked first try… Not bad for someone who mainly works with Fortinet gear.
And recently I was asked something I have been dreaming for 6 years getting ‘serious’ into Cybersecurity…
- Take part in a Red Team Engagment
Holy Shit!!
I know right?
One day at work I had a message from our Lead Pentester asking if I would be interested in taking part in a Red Team Engagement.
Natrually, like most people offered a ticket to something they have always wanted to do, I absolutely snapped that motherf**r off!
Work knows I have a history in pentesting as well as a keen interest in pushing back that way from the networking pivot I am currently on (pentesting will always have my heart).
So because of that I was given the green light - to go red.
The Engagement
While I can’t go into the specifics (for obvious reasons) I can say that this was a fun little exercise.
The objective was to land a pentest drop box (A Raspberry Pi usually with full Kali on it) on the clients network.
Profiling of the target had been completed and various other OSINT bits too (again can’t say much).
Like all things in life, while the planning was straightforward, the execution hit a snag…
Instead of the intended target and origional plan, there were other people and some unexpected changes.
This was where my undiagnosed autism was made to shine.. Also I guess another way of putting it is: ‘the military values a thinking shooter’.
My mind is suprisingly adaptable, it picks up on EVERYTHING but the recall feature still needs an upgrade.
I was listening to conversations behind glass and 15 feet away, calculating opportunities and texting updates to the lead.
After some time, I had an opening…
It was ‘go’ time.
I had everything I need on me;
- The Drop Box
- The Plug
- Ethernet Cable
- A ‘get out of jail’ letter in my back pocket (should the shit hit the fan).
It was everything I have dreamed of after years of hearing stories of physical entry pentesters getting into hotels, military buildings, banks & heliports..
It was on me.
…
Within seconds I had done it.
The drop box was in, turned on, hidden.
I didn’t snap a picture as my brain was stressed out to hell and shocked I had actually done it.
Satisfied it would not be found in 2 minutes I turned around and got the hell out of there.
Our Lead Pentester waved at me from a distance away, I waved back and we headed back to his car where he opened his laptop and checked his Bastion Host.
The only thing that mattered.
In a see of red ‘down’ connections.
A single green ‘up’.
It was me.
I did it!!
He’s in and he’s scanning.
My heart rate didn’t even go over 99.. shoutout to Garmin for that.
The art of the deal
I had this conversation with the Lead Pentester on the way back to the office after the deed was done.
For my readers that are both awesome and have seen it, I said the experience was similar to Nicholas Cage as ‘Yuri’ selling his first gun in Lord or War:
Or to quote in text:
Selling a gun for the first time is a lot like having sex for the first time. You’re excited but you don’t really know what the hell you’re doing. And some way, one way or another, it’s over too fast.
Only replace ‘gun’ with ‘Red Team Engagement’ in this case.
Also you read that in the Nic Cage voice didn’t you?
In all honesty this entire process took less than 15 seconds… probably 10 but when I first plugged in the Pi it wasn’t powering on so had to click the inline power button on the plug.
~15 seconds.
And as he said, Imagine if you were a ransomware group, you landed a box on the target network, it’s not been detected (like at all), you could use that to ransom every PC in the network and demand *thinks about targets size, £15-£20 Million to get their computers back.
It’s just like that, an example of what can really happen.
The After Party
Well that was my first experience on a live Red Team Engagement and it was the most fun I have had as a work day in years.
It really opened my eyes as to just how serious an ‘attack’ could be from an actual threat actor.
It has rejuvinated my love for the ‘hacky’ side of things and because having a job does absolutely wonderful things for your bank balance and credit… I am looking back into Hack The Box (not TryHackMe after all that AI training on your CTF data, even when they say it wasn’t) as well as an Silver Annual Membership to the academy as it would technically be cheaper than a silver monthly and buying extra cubes as I devour content.
Do I have the bug to do more Red Team realted activities?
You bet your sweet ass I do!
I need to get back to what ‘I’ was before.
To quote what a good internet friend has said many many times…
“Nothing to it but to do it”.
He also dropped another pearl of wisdom like the one above but I’ll share that one on a later update.
For now though? I am resting my body and spine after spending 4 hours doing the gardening.
I’m at that age where I know if I have put on weight because my back start hurting from the slightest thing (even walking 200 feet feels like I’m folding backwards in half)
So tl;dr on that, I have Paracetamol, water, moisturized, in my lane and I am happy.
Stay Dangerous, Friends.
🤙 shoots.
I don’t have any sponsors or anything but if you enjoy my work, or feel sympathy for my wife, then I have set up a Ko-Fi account as well as a BuyMeACoffee people can donate to.
