Counter-hacking the hackers with ‘The Art of War’ ?

A late night thought about blue teams going guerilla

Attack surface is a question of perception, illustrated by Cubone and the gang

After having spent most of my information security career defending and responding to threats, I took some time off and got back to toying with the darker side .

Amongst the pile of links I had to catch up on, I stumbled on a brilliant piece by bluescreenofjeff.

As mentioned on the project’s description, it is intended to provide resources for setting up a resilient Red Team infrastructure. And trust me when I say this, it delivers.

Seeing how creative, sneaky and smart those Red Teamers were getting, I thought it could be interesting to look for more creative counter-measures.

Reality check

As we all know, history tends to repeat itself. So lets take a look at where we could go from there. And low and behold, Wikipedia has our back.


Nothing really new for most things

  • In-depth defence was coined by Vauban back when Catholics and Protestants didn’t play well. The concept of citadels and bastions, that’s also him.
  • Intrusion Detection Systems are basically Naval Acoustic Signatures with really loud fish.
2014 training footage leak
  • Anti-viruses, even if you should always have one, act like Paul Blart the mall cop or an ultra-selective Berlin bouncer.

So… What then

Lets add some Sun Tzu to the mix. Sun Tzu was a brilliant weirdo. Some of his ideas were too abstract to deploy in a industrial, solid and strict environment, like the IDS or anti-virus use-cases. In other words, they don’t fit in the regular scope of a Red Team’s engagement tactics.

Remember Vietnam ? Yeah, awkward…

The Americans were big, angry, and determined to pwn noobs. They had solid support infrastructure, solid offensive manoeuvres, solid communications relays and solid weapons.

Then they faced some Sun Tzu shenanigans (this guy).

Modern Sun Tzu shenanigans on tape

Consider how our digital world is inspired by our real world. Nothing new. We’ve just lived through the 2017 elections and the N.Korean missile circus. Then, think about how “History repeats itself” was coined for repeated failures.

Let’s consider repeating the wins 🔥. Off to Wikipedia again


Brain-drizzle

“If you’re on the receiving end of an attack, counter-measures outside the box might also be outside the adversarial box.”

-a guy

Sun Bin

Thats a name, just in case.

He’s considered as a descendant of Sun Tzu’s art. This Japanese naval war beast later too.

Here is an excerpt of Sun Bin’s recount of how he counter-pwned the Battle of Guiling:

1- A southward march at the initial stage of the war, to avoid a decisive battle with Pang Juan
2- Launching a false attack and feigning retreat and defeat in Pingling, which reinforced Pang Juan’s determination to attack Handan (read “BAIT”)
3- Direct advance on Kaifeng (capital city of the Wei state) to force Pang Juan to turn back to rescue Wei
4- Ambush at Guiling to destroy the enemy in one move

5- PROFIT

Let’s take a step back.

There is an evil hacker pivoting through your network. Oh no 😥

What would you do if you could stop time and have a working terminal ?

This is just some food for thoughts. I might write a more serious approach with a few PoCs later on.

Here are some of the excerpts that triggered this post.

All war is based on deception. A wise commander takes measures to let his opponent only react to the wrong circumstances. Diversionary attacks, feints, decoys; there are thousands of tricks that have been successfully used, and still have a role in the future.
Perfidy: Combatants tend to have assumptions and ideas of rules and fair practices in combat, but the ones who raise surrender flags to lure their attackers in the open, or who act as stretcher bearers to deceive their targets, tend to be especially vilified.
False flag: An ancient ruse de guerre — in the days of sail, it was permissible for a warship to fly the flag of an enemy power, so long as it properly hoisted its true colours before attacking. Wearing enemy uniforms and using enemy equipment to infiltrate or achieve surprise is also permissible though they can be punished as spies if caught behind enemy lines.

Thanks for reading :)