Choose Your Own Red Team Adventure

Tim MalcomVetter
May 15, 2019 · 3 min read
Image for post
Image for post

The following story is your opportunity to pretend you’re going up against a world-class security program’s defenses. You get to decide how you would act at each important step, but you have to live with the result! (Or you can cheat, come back to this page, and choose a different path over and over again, so you can learn more — this is encouraged!)


It is possible that you could make some of these choices in an enterprise environment and avoid detection because the security program doesn’t have the maturity demonstrated in each particular example. However, I once heard of a SWAT instructor who was fond of telling his students:

“Do not let fortuitous outcomes reinforce bad tactics”

For those us who have much less to lose in our day jobs than a SWAT team: just because you reached your objectives, that doesn’t mean your choices will always work. In some cases, there is no clear answer; there’s always a trade-off. In this story, you’ll have to roll the dice and find out.

This story line aims to do a few things:

- Challenge defenders to bring world class defense to their organizations (this is always why we red team)

- Challenge red teamers to really think long and deep about the way the operate

- Educate anyone interested in red teaming about the finer details of the craft: the planning and complex thinking

Let’s get started…

So your team lead decides you must use spearphishing with an attachment (T1193). You have a master social engineer on the team who has crafted the lure for the phish, and another “capabilities developer” who has crafted the initial execution method in the attached payload. Your job is to handle the operation after initial access is acquired.

Your phish payload lands on a host, executes, and calls back to your command and control server. What is the first thing you do?

Run Mimikatz to collect plaintext passwords.

Figure out where I am.

Figure out what’s running on this host.

Prompt the user for their password.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store