🎙️
AIPodify

Topic Guide

What Is Red teaming?

Red teaming is a subject covered in depth across 3 podcast episodes in our database. Below you'll find key concepts, expert insights, and the top episodes to listen to, all distilled from hours of conversation by leading experts.

Key Concepts in Red teaming

Macro virus

A type of computer virus written in a macro language, typically for office applications like Microsoft Excel or Word. Greg created one in high school to automatically alter his grades and attendance, demonstrating how seemingly innocuous features can be weaponized for malicious purposes [13:42].

Fuzzing

A software testing technique that involves inputting large amounts of semi-random or malformed data into a program to expose vulnerabilities and cause crashes. Greg describes manually fuzzing Microsoft Word with a hex editor to identify unexpected behaviors and potential zero-day exploits [31:53].

Zero-day vulnerability

A software flaw unknown to the vendor, meaning the vendor has had 'zero days' to produce a patch. Finding these is a high-stakes endeavor for security researchers like Greg, as they represent novel threats that can be exploited before defenses are in place [29:29].

Boot-root

A technique to gain elevated (root) access to a system by booting it from an external device (e.g., USB drive) and replacing a system component, such as Sticky Keys, with a command shell. Greg used this method to compromise servers during a physical pen test [89:27].

ARP poisoning (layer 2 attack)

A network attack where an attacker sends fake Address Resolution Protocol (ARP) messages over a local area network, linking the attacker's MAC address with the IP address of a legitimate device. Greg successfully employed this to steal crucial credentials during a red team engagement, highlighting the effectiveness of foundational network exploits [62:08, 80:11].

OSINT (open-source intelligence)

OSINT is the practice of collecting information from publicly available sources to gather intelligence about a target. In this episode, Maxi Reynolds uses OSINT to research target companies, learning details like their international connections or specific maintenance needs to formulate a pretext for social engineering, proving its importance in planning penetration tests [08:35, 45:59].

What Experts Say About Red teaming

  1. Greg Linares was arrested at 14 for creating a macro virus in Excel that changed his grades and attendance in high school, making him the youngest person in Arizona arrested for a computer crime [13:42, 16:54].
  2. While at cybersecurity company eEye, Linares initially found a 'zero-day' in Microsoft Office 2007 that only triggered with a debugger attached, nearly costing him his job due to company embarrassment after a press release [39:53, 40:58].
  3. To save his career and the company's reputation, Linares and his eEye team worked for three consecutive days to find a legitimate zero-day vulnerability, eventually succeeding with an exploit in Office Visio [43:07, 46:16].
  4. During a challenging red team engagement, Linares and his coworker, on the verge of failure, used ARP poisoning to sniff a plain text credential for a build system, allowing them to roll out code to production that marked customer credit card data as '*stolen last four digits*' [62:08, 63:13].
  5. Tasked with exfiltrating DNA data, Linares used a hollowed-out printer and a shopping cart full of hard drives purchased from Best Buy to covertly remove petabytes of sensitive genetic information from a client's facility over several days [68:09, 70:42].
  6. In a physical penetration test against a venture capital firm, Linares gained entry by climbing a tree to a balcony, prying open a security door, using a cloned badge, and disarming an alarm with a stolen code from an employee's onboarding email [88:22, 89:27].
