WEBVTT 1 00:00:00.040 --> 00:00:02.720 Hey everyone, and welcome to this deep dive where we're 2 00:00:02.759 --> 00:00:05.320 going to be taking a close look at red teaming. 3 00:00:05.480 --> 00:00:06.400 Yeah, red teaming. 4 00:00:06.559 --> 00:00:09.759 So you've you've probably heard the term before, but what 5 00:00:09.800 --> 00:00:10.839 does it really mean? 6 00:00:11.039 --> 00:00:11.199 Right? 7 00:00:11.439 --> 00:00:13.720 What does it mean in the in the context of 8 00:00:13.919 --> 00:00:15.560 professional cybersecurity? 9 00:00:15.800 --> 00:00:16.079 Yeah? 10 00:00:16.440 --> 00:00:19.440 So, and what we're going to do today is we're 11 00:00:19.480 --> 00:00:22.960 going to go way beyond kind of the how to 12 00:00:23.160 --> 00:00:26.160 hack and really get into some of the strategic thinking 13 00:00:26.359 --> 00:00:28.559 and challenges that these experts face. 14 00:00:28.640 --> 00:00:30.600 Yeah. And it's it's not just the how to, it's 15 00:00:30.640 --> 00:00:35.320 the why, right, the what, the strategic element of it. 16 00:00:35.479 --> 00:00:38.439 And we've had some really fascinating source material today that's 17 00:00:38.439 --> 00:00:39.920 going to help us kind of unpack all of this. 18 00:00:40.119 --> 00:00:40.880 Yeah, for sure. 19 00:00:41.000 --> 00:00:42.880 One of the things I thought was really interesting was 20 00:00:43.280 --> 00:00:46.000 that getting caught isn't always a failure. 21 00:00:46.159 --> 00:00:49.200 Oh, absolutely, the red team getting caught can be the 22 00:00:49.359 --> 00:00:53.719 point sometimes, right, And even if it's not the point, Yeah, 23 00:00:53.759 --> 00:00:56.000 Like if you're truly trying to be stealthy and you 24 00:00:56.000 --> 00:00:58.880 get caught, yeah, that's still a learning experience. 25 00:00:59.000 --> 00:01:02.280 Yes, what did we do wrong? What can we improve? 26 00:01:02.759 --> 00:01:04.439 How can we be more stealthy next time? 27 00:01:04.719 --> 00:01:07.359 Yeah? And there's this, you know, there's all this buzz 28 00:01:07.400 --> 00:01:14.560 around like AI and automation and cybersecurity. But our sources 29 00:01:14.680 --> 00:01:19.680 really make this this compelling argument for why human hackers 30 00:01:19.719 --> 00:01:23.159 are still essential totally. Like I was reading about this 31 00:01:23.239 --> 00:01:29.079 one scenario where this red teamer used basically a shortcut 32 00:01:29.079 --> 00:01:34.159 command this alias, and through a series of like I 33 00:01:34.640 --> 00:01:36.760 don't even know if it was mistakes on the organization's 34 00:01:36.799 --> 00:01:40.560 part or just like oversights, oversights, they ended up gaining 35 00:01:40.599 --> 00:01:44.519 access to their entire AWS cloud infrastructure. 36 00:01:44.599 --> 00:01:47.079 It can be really really simple oversights too, you know, 37 00:01:47.280 --> 00:01:48.280 like a lot of times, like. 38 00:01:48.239 --> 00:01:50.599 A little thread that you pull on and that unravels 39 00:01:50.599 --> 00:01:51.120 the whole thing. 40 00:01:51.359 --> 00:01:53.120 Exactly, yeah, exactly. 41 00:01:53.200 --> 00:01:56.400 And our sources also this was really interesting kind of 42 00:01:56.439 --> 00:02:00.760 challenging this idea of checkless security security. 43 00:02:01.280 --> 00:02:02.799 Like you know, you check all the boxes and you 44 00:02:02.799 --> 00:02:04.120 think you're good, but right, and. 45 00:02:04.079 --> 00:02:06.519 You're missing you're missing the point. You know, you're missing 46 00:02:06.519 --> 00:02:07.280 the bigger picture. 47 00:02:07.400 --> 00:02:10.599 So red teaming forces you to think outside the box. 48 00:02:10.719 --> 00:02:13.560 You got it, Okay, So let's break down what red 49 00:02:13.560 --> 00:02:18.360 teaming actually is. Okay, Like, how would you explain this 50 00:02:18.400 --> 00:02:21.599 to someone who maybe isn't a cybersecurity expert. 51 00:02:21.879 --> 00:02:24.319 So I like to think of penetration testing which everyone's 52 00:02:24.360 --> 00:02:27.479 heard of. Right. Penetration testing is kind of like we're 53 00:02:27.479 --> 00:02:31.120 going to check this bridge for structural weaknesses, okay. Red 54 00:02:31.159 --> 00:02:34.120 teaming is we're going to simulate a massive earthquake okay, 55 00:02:34.360 --> 00:02:36.199 and see if the whole thing falls down. Got it. 56 00:02:36.599 --> 00:02:37.719 So it's much broader. 57 00:02:37.879 --> 00:02:40.400 So pen testing is more focused like. 58 00:02:40.400 --> 00:02:42.919 Looking for specific vulnerability. 59 00:02:42.360 --> 00:02:44.759 Specific vulnerabilities, but red teaming. 60 00:02:44.479 --> 00:02:46.439 Is broader, bigger pictures like the. 61 00:02:46.479 --> 00:02:49.319 Whole, the whole, the whole, enchilada exactly. 62 00:02:49.439 --> 00:02:55.280 Yeah, it's how it's like, how would the organization prevent, detect, 63 00:02:55.400 --> 00:02:58.680 and respond to a real atta. You know. That's kind 64 00:02:58.680 --> 00:03:00.080 of the goal of red teaming. 65 00:02:59.840 --> 00:03:02.919 And the book Professional Red Teaming actually goes into different 66 00:03:02.960 --> 00:03:05.280 types of red teaming engagements. 67 00:03:05.560 --> 00:03:08.719 Yes, So there's we've got the holistic compromise, We've got 68 00:03:08.759 --> 00:03:11.960 specific compromise okay, and we've got assumed compromise. 69 00:03:12.120 --> 00:03:14.639 Okay. So holistic is like we're going to try and 70 00:03:14.680 --> 00:03:17.000 like fully compromise your system. 71 00:03:17.080 --> 00:03:18.520 Yeah, like take over everything. 72 00:03:18.639 --> 00:03:19.000 Okay. 73 00:03:19.280 --> 00:03:21.639 You know, I think like the bank robbery example, we're 74 00:03:21.680 --> 00:03:24.719 going to rob the whole bank. Specific is like maybe 75 00:03:24.759 --> 00:03:27.759 we just want to get access to customer data something 76 00:03:27.879 --> 00:03:33.639 very specific, got it? And then assumed compromise is interesting, Yeah, 77 00:03:33.680 --> 00:03:38.080 because you're starting from the point of you that the 78 00:03:38.120 --> 00:03:40.840 attackers are already inside, okay, you know, so you're not 79 00:03:40.879 --> 00:03:43.319 worried about how they got in. You're worried about what 80 00:03:43.319 --> 00:03:44.560 they can do once they're there. 81 00:03:45.000 --> 00:03:48.520 So you're starting like midway through the movies exactly, and 82 00:03:48.560 --> 00:03:50.560 you're and you're seeing what damage. 83 00:03:50.240 --> 00:03:51.520 They can do exact. 84 00:03:51.680 --> 00:03:53.479 I mean that's kind of a sobering thought, right. 85 00:03:55.039 --> 00:03:57.159 It is. Yeah, it is, and it's becoming more and 86 00:03:57.240 --> 00:04:00.000 more relevant, you know. I mean, it's kind of an 87 00:04:00.039 --> 00:04:02.719 evitability at this point. Yeah, some attacker is going to 88 00:04:02.759 --> 00:04:03.439 get in somewhere. 89 00:04:03.520 --> 00:04:05.439 It's not if it's when exactly. 90 00:04:05.719 --> 00:04:07.319 Yeah, So how do we respond? 91 00:04:07.479 --> 00:04:11.240 Okay, so we've established what red teaming is, we've talked 92 00:04:11.240 --> 00:04:14.439 about the different types of engagements, but let's get into 93 00:04:14.479 --> 00:04:19.160 like why humans are still so crucial for cybersecurity. 94 00:04:19.560 --> 00:04:25.000 So academics are looking at ways to automate red teaming, 95 00:04:25.040 --> 00:04:28.160 which is really interesting, and they've kind of broken it 96 00:04:28.199 --> 00:04:33.240 down into these three categories, non pivot, non exploit okay, 97 00:04:33.639 --> 00:04:38.079 non pivot, exploit, and exploit pivot Okay, So those are 98 00:04:38.079 --> 00:04:38.680 the three things. 99 00:04:38.720 --> 00:04:40.879 So they're trying to mimic the steps that a human 100 00:04:40.920 --> 00:04:43.839 hacker would take exactly, but they're falling short in a 101 00:04:43.839 --> 00:04:45.079 lot of key areas. 102 00:04:45.360 --> 00:04:45.800 They are. 103 00:04:45.879 --> 00:04:49.600 And it's interesting the book talks about these different scenarios 104 00:04:50.040 --> 00:04:51.839 where like human ingenuity was. 105 00:04:51.839 --> 00:04:54.279 Just and it's something you can't really program, you know, 106 00:04:54.759 --> 00:04:57.639 that intuition. You can't really automate that yet. 107 00:04:57.720 --> 00:05:00.439 So this one scenario I was reading about this where 108 00:05:00.480 --> 00:05:03.600 the Red Teamer found this alias. It was like a 109 00:05:03.600 --> 00:05:06.279 simple command alias, and it kind of dug a little 110 00:05:06.319 --> 00:05:10.040 deeper and it turned out that alias actually revealed the location. 111 00:05:10.759 --> 00:05:14.639 Oh wow, helped their AWS jump box. So this is 112 00:05:14.759 --> 00:05:18.519 like a server that they use to access their cloud 113 00:05:18.519 --> 00:05:22.439 infrastructure and for whatever reason, the way they have this 114 00:05:22.800 --> 00:05:26.680 set up, the Red Teamer was able to use that 115 00:05:26.839 --> 00:05:32.879 jump box to basically take over our entire AWS cloud infrastructure. 116 00:05:33.160 --> 00:05:36.120 That's a huge that's a huge oversight. 117 00:05:35.879 --> 00:05:39.439 Like I can't imagine automated tool figuring that out. 118 00:05:39.560 --> 00:05:44.279 No, because it's not it's not a technical vulnerability. It's 119 00:05:44.360 --> 00:05:48.560 a human error. It's an oversight, it's a misconfiguration. 120 00:05:48.800 --> 00:05:50.839 And this other one, I thought this was really interesting too. 121 00:05:51.000 --> 00:05:55.720 They found this splunk forwarder service listening. 122 00:05:55.319 --> 00:05:57.720 On a local port Oh interesting. 123 00:05:57.480 --> 00:06:00.399 Right, and this is something that again, like an automated scan, 124 00:06:00.639 --> 00:06:02.160 it probably wouldn't have picked up, right. 125 00:06:02.199 --> 00:06:06.720 It's not inherently a vulnerability, it's how it's configured and 126 00:06:06.879 --> 00:06:07.920 how it's used. 127 00:06:07.800 --> 00:06:09.360 Right, And they were able to use that to. 128 00:06:10.920 --> 00:06:14.800 Gain basically elevated privileges and then kind of pivot from. 129 00:06:14.600 --> 00:06:16.439 There take over the whole network. 130 00:06:16.480 --> 00:06:18.360 Yeah, take over the whole network exactly. 131 00:06:18.439 --> 00:06:20.800 So it really shows you that you can't just rely on. 132 00:06:20.759 --> 00:06:25.519 These automated tools. Yeah. Humans are still very much needed 133 00:06:25.519 --> 00:06:26.240 in this space. 134 00:06:26.600 --> 00:06:29.040 So it's more of a partnership I guess it is, Yeah, 135 00:06:29.120 --> 00:06:31.240 between humans and machines exactly. 136 00:06:31.319 --> 00:06:34.000 You use the machines to automate the boring stuff, right, 137 00:06:34.040 --> 00:06:36.800 and then you use humans to do the thinking. 138 00:06:36.600 --> 00:06:39.160 To do the creative problem solving exactly. 139 00:06:39.240 --> 00:06:39.439 Yeah. 140 00:06:39.480 --> 00:06:42.240 Okay, so let's let's talk about some of the challenges 141 00:06:42.279 --> 00:06:46.839 of red teaming, because it's not all like smooth sailing, right, absolutely. 142 00:06:47.279 --> 00:06:49.879 Like one of the biggest I think is just that 143 00:06:50.000 --> 00:06:53.879 inherent like adversarial totally nature. 144 00:06:53.600 --> 00:06:55.720 Of it, right, Like Red teamers are coming in, they're 145 00:06:55.720 --> 00:06:56.759 trying to break stuff. 146 00:06:56.800 --> 00:06:58.360 They're trying to break stuff. 147 00:06:58.120 --> 00:07:00.040 No, and that could rub people the wrong way. I 148 00:07:00.199 --> 00:07:03.079 bet Yeah, especially internal security teams. You know, like, hey, 149 00:07:03.079 --> 00:07:04.079 we're doing our job. 150 00:07:04.279 --> 00:07:06.319 Right, We're trying to protect this, Why are you trying. 151 00:07:06.160 --> 00:07:08.600 To break it? Yea, So there could be some friction. 152 00:07:08.439 --> 00:07:09.600 There, Yeah, I would see that. 153 00:07:09.680 --> 00:07:13.480 Yeah. So communication is super important absolutely, you know, having 154 00:07:13.480 --> 00:07:15.120 a good relationship right with. 155 00:07:15.120 --> 00:07:18.120 The blue team, making sure everybody's on the same page exactly. 156 00:07:18.240 --> 00:07:18.639 Yeah. 157 00:07:18.680 --> 00:07:22.319 Another challenge I was reading about this is how do 158 00:07:22.360 --> 00:07:26.920 you scope an engagement in right? Right, because there are 159 00:07:26.920 --> 00:07:29.480 all these like real world constraints. 160 00:07:29.560 --> 00:07:32.839 You got time constraints, you got budget constraints, right, you 161 00:07:32.959 --> 00:07:37.279 got risk tolerance, risk tolerance, you know, the organization might say, 162 00:07:37.279 --> 00:07:39.240 hey you can't do this, you can't touch that, so 163 00:07:39.279 --> 00:07:43.040 you be really careful yeah about how you scope the engagement. 164 00:07:43.120 --> 00:07:45.560 So there's a lot of like upfront. 165 00:07:45.560 --> 00:07:48.120 A lot of planning, planning, yeah, a lot of talking, 166 00:07:48.600 --> 00:07:50.560 you know, getting everyone on the same page. Yeah. 167 00:07:50.600 --> 00:07:52.639 And this kind of gets into the legal and ethical 168 00:07:52.680 --> 00:07:56.399 stuff too, right, yes, absolutely, Like there are certain things 169 00:07:56.480 --> 00:07:59.160 that you know, maybe you can't do, you know, if 170 00:07:59.199 --> 00:08:02.720 there's sensitive and like iPath. Yeah, yeah, you know, all 171 00:08:02.759 --> 00:08:04.480 these regulations you got to be aware. 172 00:08:04.279 --> 00:08:07.519 Of, and that's where those rules of engagement come in right, Yes, absolutely, 173 00:08:07.639 --> 00:08:11.560 So this is like a document that outlines very specifically. 174 00:08:11.600 --> 00:08:13.000 Yeah, it's a contract. 175 00:08:12.560 --> 00:08:14.399 What the Red team can and can't. 176 00:08:14.120 --> 00:08:16.040 Do, what you can do, what you can't do. 177 00:08:16.079 --> 00:08:18.959 They're allowed to access, they're allowed to touch what systems? 178 00:08:19.120 --> 00:08:20.959 Yeah, when you can do it, when they can do it. 179 00:08:21.199 --> 00:08:24.879 You know, it's very very specific and they have. 180 00:08:24.800 --> 00:08:28.680 To stick to that absolutely. Okay. So we've talked about 181 00:08:28.720 --> 00:08:33.000 some of the challenges. Yeah, and you know, the adversarial 182 00:08:33.120 --> 00:08:34.639 nature of red teaming. 183 00:08:34.480 --> 00:08:37.600 But our sources also talk about this thing called purple teaming. 184 00:08:37.799 --> 00:08:39.159 Yes, purple teaming. 185 00:08:38.879 --> 00:08:41.240 And this is where things start to get really interesting. 186 00:08:41.440 --> 00:08:44.639 So purple teaming is all about collaboration, okay. You know, 187 00:08:44.679 --> 00:08:48.360 it's about breaking down those silos between the Red team 188 00:08:48.440 --> 00:08:49.240 and the Blue team. 189 00:08:49.480 --> 00:08:53.080 So instead of being adversaries, yeah, they're like allies. 190 00:08:53.120 --> 00:08:56.639 They're working together, working together. You're sharing knowledge to. 191 00:08:56.639 --> 00:09:00.399 Achieve a common goal exactly, which is better security, better 192 00:09:00.440 --> 00:09:04.360 security for everyone. So how does that actually work in practice? 193 00:09:04.960 --> 00:09:07.159 So there's a bunch of different ways you can do 194 00:09:07.159 --> 00:09:11.360 purple teaming. Okay. One is reciprocal awareness. Okay, so both 195 00:09:11.399 --> 00:09:13.639 teams know what the other team is doing, okay, and 196 00:09:13.679 --> 00:09:17.519 they're kind of working together like in a sparring match. Okay, 197 00:09:17.559 --> 00:09:19.720 you know they're learning from each other, got it. Then 198 00:09:19.759 --> 00:09:22.519 you get the unwitting host. Okay, so the Blue team 199 00:09:22.559 --> 00:09:25.559 doesn't even know they're being tested. Okay, so this is 200 00:09:25.559 --> 00:09:28.399 a good way to see how they would respond to 201 00:09:28.600 --> 00:09:31.200 a real attack, right because they're not expecting it. 202 00:09:31.399 --> 00:09:34.240 Yeah, like a surprise fire drill exactly, yeah, exactly. And 203 00:09:34.279 --> 00:09:35.759 then you have the unwitting attacker. 204 00:09:36.159 --> 00:09:40.200 Yes, so the Red team doesn't know they're being watched. Okay, 205 00:09:40.360 --> 00:09:42.679 so the Blue team can kind of see, observe their 206 00:09:42.720 --> 00:09:45.039 tax observe their tactics. You see what they're doing, how 207 00:09:45.039 --> 00:09:45.600 they're doing it. 208 00:09:45.679 --> 00:09:46.120 Interesting. 209 00:09:46.159 --> 00:09:49.480 We've also got red handed testing okay, where the Red 210 00:09:49.519 --> 00:09:54.759 team intentionally gets caught, okay, to see how the Blue 211 00:09:54.759 --> 00:09:59.759 team responds. Oh interesting, like what's their incident response process? 212 00:10:00.240 --> 00:10:03.080 Testing their incident response exactly okay. And then finally you 213 00:10:03.120 --> 00:10:03.960 got catch and release. 214 00:10:04.159 --> 00:10:04.840 Catch and release. 215 00:10:04.919 --> 00:10:07.600 So the blue team catches the Red team, the Red 216 00:10:07.639 --> 00:10:08.960 team steps up their. 217 00:10:08.879 --> 00:10:11.320 Game, Okay, they try again, They try again. 218 00:10:11.159 --> 00:10:13.159 Blue team catches them again, okay, and so on and 219 00:10:13.159 --> 00:10:13.600 so forth. 220 00:10:13.720 --> 00:10:17.240 So it's like this iterative process exactly where they're both 221 00:10:17.519 --> 00:10:18.639 learning and improving. 222 00:10:19.000 --> 00:10:20.120 Both sides are getting better. 223 00:10:20.240 --> 00:10:23.399 Yeah, okay, Now, one last thing before we wrap up 224 00:10:23.399 --> 00:10:25.559 this part of the Deep Dive, I want to talk 225 00:10:25.559 --> 00:10:29.559 about this concept called cappy t teaming, dag teaming, yeah, 226 00:10:29.639 --> 00:10:31.120 counter apt red teaming. 227 00:10:32.159 --> 00:10:34.399 It's it's when the stakes are really high. 228 00:10:34.519 --> 00:10:34.759 Okay. 229 00:10:34.799 --> 00:10:37.320 You know we're talking about critical infrastructure like the Crown 230 00:10:37.399 --> 00:10:40.519 Jewels exactly. Yeah, the Crown Jewels, the things that if 231 00:10:40.559 --> 00:10:44.679 they got compromised, yeah, it would be a really really 232 00:10:44.720 --> 00:10:45.320 bad day. 233 00:10:45.519 --> 00:10:48.840 Okay. And so what are like the key principles of this. 234 00:10:49.279 --> 00:10:52.759 So the key principles are one, we assume breach. Okay, 235 00:10:52.879 --> 00:10:55.320 We're not worried about how the attackers got in, right, 236 00:10:55.399 --> 00:10:57.879 We're worried about what they can do once they're there. Okay. 237 00:10:58.039 --> 00:11:02.879 Two we focus on lead full compromise items okay, so 238 00:11:02.879 --> 00:11:05.080 those are the things that if they got compromised, yeah, 239 00:11:05.120 --> 00:11:06.519 it would be a really, really bad day. 240 00:11:06.600 --> 00:11:06.879 Okay. 241 00:11:07.080 --> 00:11:11.320 And three we use something called reverse pivot chaining, just 242 00:11:11.360 --> 00:11:15.799 basically using local intelligence gathering to figure out how the 243 00:11:15.840 --> 00:11:17.440 attackers got in and where they're going. 244 00:11:17.639 --> 00:11:21.879 So you're like working backwards exactly from the crime scene. 245 00:11:21.639 --> 00:11:23.759 From the crime scene trying to figure out what happens. 246 00:11:23.759 --> 00:11:28.159 So this is like a very specific and targeted approach. 247 00:11:27.960 --> 00:11:29.720 Very targeted, very high stakes. 248 00:11:29.960 --> 00:11:32.159 Okay, well, I think that's a great place. 249 00:11:31.879 --> 00:11:34.240 To pause for now, take a break. 250 00:11:34.279 --> 00:11:36.080 We've covered a lot of ground in this first part 251 00:11:36.120 --> 00:11:39.320 of our deep dive. We have Yeah, we've defined red teaming, 252 00:11:39.799 --> 00:11:43.240 talked about why humans are still so important, talked about 253 00:11:43.279 --> 00:11:47.039 the different challenges, different approaches, the different approaches, and introduce 254 00:11:47.159 --> 00:11:51.360 these concepts of purple teaming and cap ptr teaming. 255 00:11:51.600 --> 00:11:54.000 And in the next part, yes, we're going to get 256 00:11:54.120 --> 00:11:55.519 even deeper into the weeds. 257 00:11:55.519 --> 00:11:58.120 We're going to get into the nitty gritty, nitty gritty 258 00:11:58.240 --> 00:12:00.960 of how these engagements are actually conducted. 259 00:12:01.039 --> 00:12:04.480 The tools, the technique, the tools, the techniques, the trade craft. 260 00:12:04.480 --> 00:12:06.559 That's right craft. All right, So stay tuned. 261 00:12:06.559 --> 00:12:10.279 Stay with us, Welcome back to our deep dive on 262 00:12:10.360 --> 00:12:13.480 red teaming. Last time, we got a good overview of 263 00:12:13.519 --> 00:12:15.759 what red teaming is and why it's so important. 264 00:12:16.159 --> 00:12:19.360 Yeah, and why humans are still so crucial in this field. 265 00:12:19.600 --> 00:12:20.919 Yeah, absolutely So. 266 00:12:21.000 --> 00:12:22.360 Now I think it'd be really cool to kind of 267 00:12:22.360 --> 00:12:26.200 get into the weeds a little bit and really see 268 00:12:26.279 --> 00:12:27.519 how these engagements. 269 00:12:27.559 --> 00:12:29.240 Yeah, let's get into the nitty gritty, Yeah. 270 00:12:29.120 --> 00:12:30.360 Let's get into the nitty gritty. 271 00:12:30.240 --> 00:12:31.720 The nuts and bolts of it all, like. 272 00:12:31.679 --> 00:12:34.120 What actually happens when a red team? 273 00:12:34.519 --> 00:12:36.639 Yeah, how do they actually do this stuff? 274 00:12:37.080 --> 00:12:39.919 So once they've kind of got the scope and the 275 00:12:40.000 --> 00:12:43.200 rules of engagement set, like where do they start? What 276 00:12:43.240 --> 00:12:44.159 are the first steps? 277 00:12:44.279 --> 00:12:46.399 So the first thing you gotta do is reconnaissance. Okay, 278 00:12:46.440 --> 00:12:50.039 you've got to figure out what you're dealing with. Okay, 279 00:12:50.120 --> 00:12:53.200 you know who's the target? What are their systems? Yeah, 280 00:12:53.240 --> 00:12:56.399 what are their weaknesses? This involves things like open source 281 00:12:56.440 --> 00:13:02.519 intelligence gathering, vulnerability scanning, maybe even some social engineering to 282 00:13:02.600 --> 00:13:03.960 try to get some credentials. 283 00:13:04.639 --> 00:13:06.039 So you're building a profile. 284 00:13:06.240 --> 00:13:08.440 You're building a profile, yeah the target. You got to 285 00:13:08.519 --> 00:13:09.200 know your enemy. 286 00:13:09.320 --> 00:13:12.279 And professional red teaming actually talks about this. They call 287 00:13:12.320 --> 00:13:14.799 it the shaping phase, the shaping phase, right, and it's 288 00:13:14.840 --> 00:13:17.960 all about involving the right people totally in the process, 289 00:13:18.000 --> 00:13:19.919 Like not just the technical folks, but yeah. 290 00:13:19.759 --> 00:13:22.840 You need the technical people, need the operational people. You 291 00:13:22.919 --> 00:13:26.840 might even need legal legal Yeah, depending on what. 292 00:13:26.759 --> 00:13:29.120 You're doing, because you've got to make sure that like this, 293 00:13:29.279 --> 00:13:30.200 it's tailored. 294 00:13:29.879 --> 00:13:32.759 To the organization. Yeah, you know, it's not just a generic. 295 00:13:32.399 --> 00:13:34.320 Attack, right, it's not off the shelf. 296 00:13:34.559 --> 00:13:38.039 No, it's got to be very specific, tailored to their environment. 297 00:13:38.120 --> 00:13:39.840 There risks, risks. 298 00:13:39.440 --> 00:13:44.279 And their yeah, their business. Yeah, and this intelligence gathering. 299 00:13:43.960 --> 00:13:46.080 Phase can be Oh, it could be very creative. 300 00:13:46.240 --> 00:13:50.960 I was reading about some of the techniques like website scraping, 301 00:13:51.159 --> 00:13:52.679 social media analysis. 302 00:13:53.000 --> 00:13:55.200 Oh yeah, you can find a lot of information on social. 303 00:13:54.919 --> 00:13:57.080 Media, and even physical penetration testing. 304 00:13:57.320 --> 00:14:01.639 Oh yeah, physical pen testing is fun. What is that? 305 00:14:02.120 --> 00:14:06.840 So basically you're trying to get physical access to the target. Okay, 306 00:14:07.159 --> 00:14:11.440 so this might involve things like, yeah, trying to tailgate employees, 307 00:14:11.799 --> 00:14:14.320 you know, sneak in behind them. Yeah, or maybe trying 308 00:14:14.320 --> 00:14:17.720 to pick locks or you know, test their security cameras. 309 00:14:17.840 --> 00:14:19.919 So you're actually like on site. 310 00:14:20.080 --> 00:14:23.559 Yeah, you're on site. You're in the building, Okay, trying 311 00:14:23.600 --> 00:14:24.559 to see what you can get away with. 312 00:14:24.679 --> 00:14:26.799 So you're really you're really thinking outside the box. 313 00:14:26.840 --> 00:14:28.039 You got to think like an attacker. 314 00:14:28.519 --> 00:14:31.799 Okay. So once they've kind of done their homework, they've 315 00:14:31.840 --> 00:14:32.600 gathered all this. 316 00:14:32.639 --> 00:14:34.600 Intel, they've built their profile. 317 00:14:34.919 --> 00:14:35.759 What happens next? 318 00:14:35.759 --> 00:14:37.360 So then it's time to actually attack. 319 00:14:37.720 --> 00:14:39.120 Okay, this is where it gets real. 320 00:14:39.279 --> 00:14:40.960 Yeah, this is where the rubber meets the road. 321 00:14:41.200 --> 00:14:43.200 So this is where like all. 322 00:14:43.080 --> 00:14:44.519 The technical skills come in. 323 00:14:44.679 --> 00:14:46.039 Yeah, the technical skills. 324 00:14:45.799 --> 00:14:48.320 You know, exploiting vulnerabilities. 325 00:14:47.600 --> 00:14:49.320 By passing security control. 326 00:14:49.519 --> 00:14:50.799 Yeah, all that good stuff. 327 00:14:51.000 --> 00:14:53.360 And I know the book talks about all. 328 00:14:53.159 --> 00:14:54.799 Sorts of Oh yeah, there's a whole. 329 00:14:54.679 --> 00:14:56.519 Range different types of attacks. 330 00:14:56.120 --> 00:15:02.279 External attacks, internal attacks, wireless attacks, WI lists, social engineering. 331 00:15:01.840 --> 00:15:05.279 Social engineering. So it's not just like hacking into a computer. 332 00:15:05.840 --> 00:15:10.240 No, it's much broader than that. Yes, it's about exploiting any. 333 00:15:10.039 --> 00:15:11.759 Weakness, any weakness you can. 334 00:15:11.600 --> 00:15:14.720 Find, any weakness, whether it's a technical weakness, yeah, a 335 00:15:14.799 --> 00:15:17.919 human weakness, a process weakness, whatever. 336 00:15:18.080 --> 00:15:21.480 So let's say the Red team they managed to get 337 00:15:21.480 --> 00:15:22.559 access to a system. 338 00:15:22.759 --> 00:15:27.080 Okay, what happens then, So then it's all about maintaining persistence. 339 00:15:27.279 --> 00:15:27.639 Okay. 340 00:15:27.720 --> 00:15:29.519 You know, you don't want to just get in and 341 00:15:29.559 --> 00:15:30.039 then get. 342 00:15:29.960 --> 00:15:32.200 Kicked out, right, You want to stay in. You want 343 00:15:32.240 --> 00:15:34.480 to stay in, establish a foothold. 344 00:15:34.080 --> 00:15:35.600 Establish a foothold exactly. 345 00:15:35.720 --> 00:15:36.000 Okay. 346 00:15:36.120 --> 00:15:40.200 So this might involve things like installing back doors, creating 347 00:15:40.360 --> 00:15:44.159 rogue user accounts, hijacking legitimate processes. 348 00:15:44.159 --> 00:15:47.639 So you're basically blending in, blending in with the normal 349 00:15:48.120 --> 00:15:51.000 network activity. You want to be a ghost, okay, And 350 00:15:51.039 --> 00:15:53.559 this is where operational security. 351 00:15:53.679 --> 00:15:55.200 Oh PSC super important. 352 00:15:55.240 --> 00:15:56.879 Oh PSCC, yeah, that's what they call it. 353 00:15:57.000 --> 00:15:58.240 Yeah, you got to be very careful. 354 00:15:58.279 --> 00:15:59.639 You've got to cover your tracks. 355 00:15:59.360 --> 00:16:01.519 Cover your tracks, don't leave any traces. 356 00:16:01.200 --> 00:16:03.279 Because if you make one mistake. 357 00:16:03.000 --> 00:16:04.600 Yeah, one mistake and you're busted. 358 00:16:04.639 --> 00:16:05.519 Game over. 359 00:16:05.679 --> 00:16:06.039 Yeah. 360 00:16:06.080 --> 00:16:09.120 And so now I gotta ask ye, like, where does 361 00:16:09.159 --> 00:16:11.799 the Blue team fit into all of this? 362 00:16:12.000 --> 00:16:15.720 So the Blue team is the defenders? Okay, their job 363 00:16:15.799 --> 00:16:17.200 is to try to stop the Red team. 364 00:16:17.600 --> 00:16:19.600 Okay, so it's like this, it's. 365 00:16:19.480 --> 00:16:20.200 A cat and mouse game. 366 00:16:20.320 --> 00:16:22.080 Cat and mouse game, yeah, back and forth. Okay. 367 00:16:22.240 --> 00:16:24.679 Red team tries to attack, Blue team tries to defend. 368 00:16:24.759 --> 00:16:26.080 But it's a collaborative effort. 369 00:16:26.159 --> 00:16:29.120 It's a collaborative effort. Yeah. Ultimately, even though it's adversarial, 370 00:16:30.120 --> 00:16:32.000 the goal is to improve security. 371 00:16:32.639 --> 00:16:34.440 So they're both working towards the same goal. 372 00:16:34.600 --> 00:16:37.200 Yeah, they're on the same team, ok just different sides 373 00:16:37.240 --> 00:16:37.559 of the coin. 374 00:16:37.679 --> 00:16:41.159 And one thing the sources emphasize a lot was documentation. 375 00:16:41.639 --> 00:16:43.440 Oh yeah, documentation is super important. 376 00:16:43.440 --> 00:16:44.039 Why is that? 377 00:16:44.200 --> 00:16:48.559 So you got to document everything you do, every vulnerability 378 00:16:48.600 --> 00:16:52.759 you find, every exploit you use, because that's how you learn. Okay, 379 00:16:53.279 --> 00:16:54.720 you know, you got to be able to go back 380 00:16:54.720 --> 00:16:58.000 and see what worked, Okay, what didn't work, how you 381 00:16:58.000 --> 00:16:58.519 can improve. 382 00:16:58.559 --> 00:17:01.120 It's like a record, it's a record of the engagement 383 00:17:01.200 --> 00:17:03.679 of everything that happens. Okay. Now let's get into some 384 00:17:03.759 --> 00:17:05.160 of the tools of the trade. 385 00:17:05.319 --> 00:17:05.839 The tools. 386 00:17:06.160 --> 00:17:09.759 What are so? Red teamers use a variety of tools, 387 00:17:10.240 --> 00:17:13.160 both open source and commercial. Okay, So some of the 388 00:17:13.200 --> 00:17:20.799 common categories are network scanners, vulnerability scanners, exploitation frameworks, password 389 00:17:20.880 --> 00:17:24.400 cracking tools, got it, and social engineering tool pits. 390 00:17:24.640 --> 00:17:25.960 So give me some examples. 391 00:17:26.079 --> 00:17:29.079 So for network scanners, you've got things like end map, 392 00:17:29.599 --> 00:17:32.640 which allows you to map out the target network. Okay, 393 00:17:32.720 --> 00:17:33.799 see what systems are there? 394 00:17:33.960 --> 00:17:34.279 Got it? 395 00:17:34.319 --> 00:17:40.240 For vulnerability scanners, yeah, you got nessus qualities Okay, those 396 00:17:40.279 --> 00:17:44.400 are popular ones in the basics scan for known vulnerabilities 397 00:17:44.480 --> 00:17:45.680 and software and systems. 398 00:17:46.000 --> 00:17:48.079 What about those exploitation frameworks. 399 00:17:48.160 --> 00:17:50.920 Yeah, so those are things like metasploit, which is a 400 00:17:50.960 --> 00:17:54.039 collection of pre built exploits okay, that you can use 401 00:17:54.079 --> 00:17:55.000 to attack systems. 402 00:17:55.440 --> 00:17:57.240 So it's not all manual hacking. 403 00:17:57.400 --> 00:17:59.160 No, you can automate a lot of this stuff. 404 00:17:59.319 --> 00:18:01.880 Okay, freeze up your time to focus on the more 405 00:18:01.880 --> 00:18:02.920 interesting things. 406 00:18:02.799 --> 00:18:04.519 More strategic stuff exactly. 407 00:18:04.559 --> 00:18:04.880 Okay. 408 00:18:04.920 --> 00:18:08.079 And then password cracking, password cracking, Yeah, what kind of tools. 409 00:18:08.119 --> 00:18:10.920 So you got tools like hashcat, John the Ripper. These 410 00:18:10.920 --> 00:18:14.920 are brute force tools they can try to guess passwords. 411 00:18:15.359 --> 00:18:17.359 And then social engineering toolkits. 412 00:18:17.440 --> 00:18:18.720 Yeah, what are those like? 413 00:18:18.880 --> 00:18:21.599 So those are things that can help you craft phishing emails, 414 00:18:22.119 --> 00:18:24.519 spoof websites, impersonate people. 415 00:18:24.640 --> 00:18:27.359 You're basically trying to trick people, trick people into giving 416 00:18:27.400 --> 00:18:30.720 you information exactly. Yeah, okay, so we've talked about the tools. Yeah, 417 00:18:30.799 --> 00:18:32.240 let's move on to the reporting phase. 418 00:18:32.359 --> 00:18:32.799 Reporting. 419 00:18:32.880 --> 00:18:35.640 Yeah, on the So once the attack is done. 420 00:18:35.640 --> 00:18:39.079 Simulated attack is done, the red team's got to, like 421 00:18:39.440 --> 00:18:41.279 you got to write a report, Yeah, write a report. 422 00:18:41.279 --> 00:18:45.759 You've got to summarize your findings, make recommendations, okay, and 423 00:18:46.160 --> 00:18:49.960 basically help the organization improve their security. 424 00:18:50.599 --> 00:18:53.319 So it's not just about like, no, it's not just 425 00:18:53.359 --> 00:18:54.759 about pointing fingers. 426 00:18:54.440 --> 00:18:57.680 Yeah, finding vulnerabilities and saying you suck, you suck. 427 00:18:57.960 --> 00:19:00.519 No, it's about helping them get better. 428 00:19:00.559 --> 00:19:04.559 It's about providing value. Providing value exactly, and professional red 429 00:19:04.559 --> 00:19:09.200 teaming talks about this concept of like an out briefing session, 430 00:19:09.279 --> 00:19:12.000 the out brief where they actually sit down with the organization. 431 00:19:12.160 --> 00:19:14.480 Yeah, you sit down with the stakeholders. 432 00:19:13.799 --> 00:19:15.839 And they walk them through the finding, You walk them 433 00:19:15.839 --> 00:19:19.079 through the reportation. 434 00:19:17.960 --> 00:19:19.319 Answer any questions they have. 435 00:19:19.559 --> 00:19:21.119 So it's like this face to face. 436 00:19:21.279 --> 00:19:23.359 Yeah, face to face interaction is important. 437 00:19:23.640 --> 00:19:26.039 Yeah, to make sure that everybody's on the same page, 438 00:19:26.079 --> 00:19:26.799 on the same. 439 00:19:26.599 --> 00:19:29.039 Page, and that they understand the importance of the findings. 440 00:19:29.119 --> 00:19:31.440 Okay, And one last thing I wanted to touch on 441 00:19:31.519 --> 00:19:34.400 before we wrap up this part, Okay, is this concept 442 00:19:34.440 --> 00:19:35.480 of threat hunting. 443 00:19:35.759 --> 00:19:36.519 It's read hunting. 444 00:19:36.599 --> 00:19:38.720 Yeah, I've I've heard that term. 445 00:19:39.079 --> 00:19:40.559 It's a hot topic these days. 446 00:19:40.319 --> 00:19:41.759 But I'm not really sure what it means. 447 00:19:42.119 --> 00:19:47.480 So threat hunting is basically proactively looking for threats in 448 00:19:47.519 --> 00:19:51.400 your environment. So it's not just about waiting for alerts 449 00:19:51.440 --> 00:19:55.240 to go on, right, It's about actively searching for evidence 450 00:19:55.400 --> 00:19:57.279 of malicious activity. 451 00:19:58.400 --> 00:20:00.960 So you're like a detective. 452 00:20:01.039 --> 00:20:03.880 You're a detective, Yeah, looking for clues, looking for clues, 453 00:20:03.960 --> 00:20:08.359 looking for patterns that might indicate that something bad is happening. 454 00:20:08.599 --> 00:20:11.640 So it's it's a very proactive approach to. 455 00:20:11.680 --> 00:20:13.839 Security, okay, rather than reactive. 456 00:20:13.920 --> 00:20:18.880 And this is super important, especially these days with attackers 457 00:20:18.920 --> 00:20:20.279 getting more sophisticated. 458 00:20:20.480 --> 00:20:23.400 Yeah, attackers are getting really good at hiding their tracks, right, 459 00:20:23.559 --> 00:20:25.200 So you've got to be proactive to find them. 460 00:20:25.240 --> 00:20:28.200 But is this is this a replacement for red teaming. 461 00:20:28.720 --> 00:20:31.119 No, No, it's not a replacement. It's a compliment. It's 462 00:20:31.160 --> 00:20:32.559 another tool in your toolbox. 463 00:20:32.640 --> 00:20:36.559 So it's about having like this layer layered defense. 464 00:20:37.400 --> 00:20:40.519 So you're doing proactive stuff like threat hunting. Yeah, you're 465 00:20:40.519 --> 00:20:43.720 doing reactive stuff like incident response, right, and then you're 466 00:20:43.759 --> 00:20:47.119 also doing red teaming to kind of test everything. Yeah, 467 00:20:47.240 --> 00:20:48.160 make sure it all works. 468 00:20:48.279 --> 00:20:50.440 Okay, So we've covered a lot of ground in this part. 469 00:20:50.680 --> 00:20:51.000 We have. 470 00:20:51.119 --> 00:20:53.960 Yeah, we've talked about this step by step process of 471 00:20:54.000 --> 00:20:57.480 a red team engagement from reconnaissance to reports, from reconnaissance 472 00:20:57.519 --> 00:20:59.240 to reporting. Talked about the tools. 473 00:20:58.920 --> 00:21:01.039 And technique, the importance of documentation. 474 00:21:00.559 --> 00:21:03.920 The importance of documentation, and threat hunting threat hunting. Yeah, 475 00:21:03.960 --> 00:21:06.960 And in the final part of our deep dive. Yeah, 476 00:21:07.000 --> 00:21:08.559 in the next part, we're going to talk about the 477 00:21:08.640 --> 00:21:10.079 ethical considerations. 478 00:21:10.160 --> 00:21:13.000 Yeah, the ethical landscape, the red teaming, the future of 479 00:21:13.000 --> 00:21:13.880 red teaming. 480 00:21:13.680 --> 00:21:16.160 The future of red teaming, what it all means for 481 00:21:16.279 --> 00:21:20.519 you the stay tuned. All right, welcome back to the 482 00:21:20.519 --> 00:21:24.000 final part of our red teaming deep dive. We've talked 483 00:21:24.039 --> 00:21:29.119 about the strategies, the tools, why human hackers are still 484 00:21:29.160 --> 00:21:31.880 so important and all this great stuff. But one thing 485 00:21:31.880 --> 00:21:34.119 that's been kind of on my mind, Yeah, throughout this 486 00:21:34.160 --> 00:21:38.079 whole discussion is the ethics of it all, right, because 487 00:21:38.119 --> 00:21:42.759 we're talking about intentionally breaking into systems, exploiting vulnerabilities. I 488 00:21:42.759 --> 00:21:45.920 mean that seems like it could have real world consequences. 489 00:21:46.160 --> 00:21:51.319 Yeah, absolutely, things go wrong. So ethical Red teamers, yeah 490 00:21:51.759 --> 00:21:54.440 take this very seriously, okay, And there are a lot 491 00:21:54.480 --> 00:21:57.079 of safeguards in place to make sure these engagements are 492 00:21:57.119 --> 00:21:58.319 conducted responsibly. 493 00:21:58.839 --> 00:22:02.160 Yeah. The sources we've looking at really emphasize those rules 494 00:22:02.160 --> 00:22:02.880 of engagement. 495 00:22:03.039 --> 00:22:04.119 Oh yeah, super important. 496 00:22:04.799 --> 00:22:06.400 Can you talk a little bit more about what those 497 00:22:06.480 --> 00:22:08.799 are and why they matter so much? 498 00:22:09.480 --> 00:22:13.240 Yeah, So, rules of engagement are basically like a contract 499 00:22:13.640 --> 00:22:18.559 between the Red Team and the organization that outlines what 500 00:22:18.680 --> 00:22:21.480 the Red Team is allowed to do, what they're not 501 00:22:21.559 --> 00:22:25.240 allowed to do, what systems they can touch, what data 502 00:22:25.240 --> 00:22:27.480 they can access, and when they can do it. 503 00:22:27.759 --> 00:22:30.880 So it's very specific, very specific, okay, And the goal 504 00:22:30.960 --> 00:22:33.200 is to i mean, obviously to prevent the Red Team 505 00:22:33.200 --> 00:22:36.839 from doing anything illegal or unethical, but it's also. 506 00:22:36.680 --> 00:22:38.279 About protecting the organization. 507 00:22:38.400 --> 00:22:41.200 Yeah, protecting the organization. Like I was reading about Red 508 00:22:41.240 --> 00:22:44.400 teamers having to consider data privacy regulation. 509 00:22:44.480 --> 00:22:46.160 Oh yeah, k ipa GDPR. 510 00:22:46.960 --> 00:22:50.200 You don't want to accidentally cause a data breach exactly 511 00:22:50.240 --> 00:22:53.799 while you're trying to improve security, right, that would be bad. 512 00:22:54.640 --> 00:22:58.559 So it's not just about like being a skilled hacker. 513 00:22:58.960 --> 00:23:02.640 You got to have like that ethical mindset as well. 514 00:23:02.720 --> 00:23:05.559 You got to understand the risks, yeah, and the consequence. 515 00:23:05.599 --> 00:23:08.279 Okay, So we've we've talked a lot about communication and 516 00:23:08.319 --> 00:23:12.359 collaboration and especially that relationship between the Red team and 517 00:23:12.359 --> 00:23:15.519 the Blue team. Why is that so important for this 518 00:23:15.640 --> 00:23:18.039 to actually work, Because. 519 00:23:17.799 --> 00:23:20.920 Like we talked about before, red teaming can be adversarial. 520 00:23:21.160 --> 00:23:24.079 Yeah. Right, it's like you're coming in and saying, hey, 521 00:23:24.160 --> 00:23:25.319 your security sucks. 522 00:23:25.640 --> 00:23:26.720 I found all these holes. 523 00:23:26.799 --> 00:23:28.599 Yeah, you know, you're not doing a good job. 524 00:23:28.720 --> 00:23:29.880 And nobody likes to hear that. 525 00:23:30.000 --> 00:23:33.759 Yea. So it's really important to to build that trust, 526 00:23:33.799 --> 00:23:35.880 build trust, establish good communications. 527 00:23:35.960 --> 00:23:37.920 Yeah, make sure everybody's on the same page. 528 00:23:38.039 --> 00:23:39.599 And I know, you know we talked about this before, 529 00:23:39.640 --> 00:23:45.839 but involving like both the technical folks and the operational folks, operational, legal, legal, everybody, 530 00:23:45.880 --> 00:23:48.279 Like in those early stages from the beginning, to make 531 00:23:48.319 --> 00:23:50.000 sure everybody understands. 532 00:23:50.319 --> 00:23:52.079 Yeah, what are we trying to achieve here? 533 00:23:52.119 --> 00:23:53.079 What are trying to achieve? 534 00:23:53.200 --> 00:23:55.240 What are the goals? What are the risks? 535 00:23:55.519 --> 00:23:55.680 Right? 536 00:23:55.759 --> 00:23:57.799 How are we going to do this safely and responsibly, 537 00:23:58.079 --> 00:24:02.279 So it's not like a surprise, No surprises. Everybody knows 538 00:24:02.279 --> 00:24:02.880 what's going on. 539 00:24:03.079 --> 00:24:05.720 And then throughout the engagement, like keep those lines of 540 00:24:05.720 --> 00:24:07.039 communication open. 541 00:24:06.880 --> 00:24:08.160 Keep the communication flowing. 542 00:24:08.240 --> 00:24:09.839 Yeah, like provide updates, let. 543 00:24:09.680 --> 00:24:13.519 Them know, Hey, we found this vulnerability. Yeah, what you're finding. 544 00:24:13.559 --> 00:24:15.079 We're exploiting this. 545 00:24:15.079 --> 00:24:17.759 This is what we're seeing, so that everybody can. 546 00:24:18.000 --> 00:24:20.599 Learn and adapt, learn and adapt in real time. 547 00:24:20.880 --> 00:24:23.799 Okay, Now let's talk about the future of red teaming. Okay, 548 00:24:23.880 --> 00:24:28.880 because this field is constantly evolved, constant it's never boring. 549 00:24:29.000 --> 00:24:31.880 Yeah, no, it's not like I'm curious. How do you 550 00:24:31.920 --> 00:24:36.039 see red teaming adapting to all these new threats? 551 00:24:36.240 --> 00:24:40.480 The threat landscape is changing so rapidly all the time. Yeah, 552 00:24:40.640 --> 00:24:46.880 you know, we're dealing with like nation state actors, organized. 553 00:24:46.359 --> 00:24:48.240 Crimes, sophisticated attackers. 554 00:24:48.440 --> 00:24:50.799 Yeah, how do you It's a challenge, how do you 555 00:24:50.920 --> 00:24:51.400 keep up? 556 00:24:51.680 --> 00:24:54.519 So one of the big things is AI. Attackers are 557 00:24:54.599 --> 00:24:58.480 using AI to enhance their capabilities. 558 00:24:57.799 --> 00:25:00.640 So they're using AI to to attack. 559 00:25:00.720 --> 00:25:02.839 Yeah, okay, so we got to use AI to defend. 560 00:25:03.240 --> 00:25:06.680 So red teamers are starting to incorporate AI and machine 561 00:25:06.759 --> 00:25:08.440 learning into their tools and techniques. 562 00:25:08.519 --> 00:25:11.799 So it's like this AI arms race it is, yeah, okay. 563 00:25:11.799 --> 00:25:16.960 And we talked about KPTR teaming, which is specifically designed. 564 00:25:16.559 --> 00:25:18.240 To address high impact scenarios. 565 00:25:18.319 --> 00:25:21.240 Yeah, those really high stakes tax when the stakes are high, 566 00:25:21.279 --> 00:25:25.240 and purple teaming as well. That collaborative collaboration is key approach. 567 00:25:25.519 --> 00:25:27.599 Yeah, you got to work together. 568 00:25:28.400 --> 00:25:30.480 So it's it's not enough to just. 569 00:25:30.839 --> 00:25:33.519 Like rely on old methods, Yeah, rely on. 570 00:25:33.559 --> 00:25:35.920 Like the traditional security approaches. 571 00:25:36.000 --> 00:25:38.559 You got to be proactive. Yeah, you got to be adaptive. 572 00:25:38.640 --> 00:25:41.680 Okay. So red teaming is not just like a it's. 573 00:25:41.519 --> 00:25:45.319 Not a one time thing, one thing. It's an ongoing process. 574 00:25:45.559 --> 00:25:47.359 Yeah okay. So we're we're at the end of our 575 00:25:47.400 --> 00:25:51.720 deep dive here. If there's like one thing our listeners 576 00:25:51.720 --> 00:25:53.680 should take away from this, what would it be. 577 00:25:54.319 --> 00:25:56.799 Cybersecurity is everyone's responsibility. 578 00:25:56.920 --> 00:25:57.279 Okay. 579 00:25:57.599 --> 00:25:59.680 It's not just the IT department's problem. 580 00:26:00.160 --> 00:26:01.480 It's not just the security team. 581 00:26:01.559 --> 00:26:02.680 It's everybody's product. 582 00:26:02.680 --> 00:26:03.759 It's everybody's problem. 583 00:26:04.000 --> 00:26:07.440 We all have a role to play in protecting our data. 584 00:26:07.480 --> 00:26:10.000 In our systems, and it's not a set it and 585 00:26:10.039 --> 00:26:10.759 forget it thing. 586 00:26:11.000 --> 00:26:13.200 No, security is a journey, not a destination. 587 00:26:13.400 --> 00:26:14.640 It's a journey and not a destiny. 588 00:26:14.680 --> 00:26:15.960 It's an ongoing process. 589 00:26:16.160 --> 00:26:19.319 Yeah, okay, So what's the most important thing for people 590 00:26:19.319 --> 00:26:20.640 to remember about red teaming. 591 00:26:21.559 --> 00:26:25.279 Red teaming is about making organizations more secure. It's not 592 00:26:25.319 --> 00:26:28.880 about finding faults or embarrassing people. It's about helping them 593 00:26:28.960 --> 00:26:32.039 understand their risks and improve their defenses. 594 00:26:32.279 --> 00:26:36.279 So it's ultimately a force for good, a force for good, absolutely, Okay. 595 00:26:36.319 --> 00:26:38.000 Any final thoughts for our listeners. 596 00:26:38.160 --> 00:26:42.480 Yeah, stay curious, stay informed, and don't be afraid to 597 00:26:42.519 --> 00:26:45.920 ask questions. The more you know about cybersecurity. Yeah, the 598 00:26:46.000 --> 00:26:47.000 better prepared you'll be. 599 00:26:47.599 --> 00:26:50.640 All right. Well, that wraps up our red teaming deep dive. 600 00:26:51.160 --> 00:26:51.640 It does. 601 00:26:51.799 --> 00:26:54.160 We hope you found it informative and insightful. 602 00:26:54.279 --> 00:26:57.720 We hope you learned something and until next time, stay secure.