A High Level
Operations Security (OPSEC)
When performing offensive or defensive cyber operations it is always important to assume that your actions are being monitored and potentially disrupted or impaired by the opposing side. While performing offensive cyber operations (OCO), your level of Operations Security (OPSEC) can be a key contributor to how long the operation can last and how deep it can go while remaining undetected.
Breach Model
A breach model outlines how a red team will gain initial access to its target's environment. Red teams will often perform OSINT on the target in order to craft targeted phishing emails that contain sufficient pretext to gain trust and avoid generating suspicion. The way red teams deploy their payloads is frequently designed to mimic existing threat actors such as APT 29. Prior to starting, it's important to discuss fallback plans in the event that initial access is prevented. This can often be done by communicating with stakeholders ahead of time to agree on a contingent assumed-breach scenario. The assumed breach can take the form of the company providing a domain-joined laptop, or of you providing your own custom device (an Intel NUC, for example) to plug into their environment. Make sure to follow security best practices when providing hardware to clients; the last thing you want to do is open a door for others to enter the environment alongside you.