
Beyondcorp methodology





The topic of responsible red teaming has become a frequent subject of discussion in recent months. One such debate has revolved around the theme of securely managing red team infrastructure. The security of red team infrastructure is paramount given the sensitive nature of the data stored on command and control servers and the access an attacker would gain from the compromise of these systems. Many individuals within the red teaming and information security community have contributed their perspectives on red team infrastructure management. Notable examples include Tim MalcomVetter from the Walmart Red Team and Brady Bloxham from Silent Break Security.

At Praetorian, red team infrastructure and its security is a topic of great interest and conversation. This post is our contribution to the ongoing discussion on responsibly managing red team infrastructure and is high level in nature. Therefore, we will not be discussing specific implementation details in depth within this article. Our goal is to release further posts in the future that explain particular implementation details.

Our primary focus is on implementing a Google BeyondCorp architecture while building off of managed services and existing solutions. By using managed services, we can reduce costs through outsourcing and automation while focusing on core competencies. We define these cost reductions both in terms of time and financial resources. By leveraging managed cloud services, we only pay for infrastructure when there is an active red team operation, with the infrastructure expense serving as a primarily fixed per-project cost. Additionally, economies of scale allow cloud providers such as Okta, Cloudflare, and Google to provide backend infrastructure services for red team engagements at a significantly lower cost than an internally developed and managed solution. To achieve this architecture, we are primarily leveraging the Google Cloud Platform (GCP) service and the Cloudflare Access solution provided by Cloudflare. Google Cloud Platform is a comparable solution to Amazon Web Services or Microsoft Azure.

Cloudflare Access is a managed service that offers many components of a BeyondCorp architecture as a service. The primary functionality provided by Cloudflare Access is the ability to use the solution as an Identity Aware Proxy (IAP) for controlling access to infrastructure. For instance, the Cloudflare Access solution acts as a reverse proxy in front of our internal GitLab service. Access forces users attempting to reach the backend application to authenticate through an SSO provider. Access also supports acting as a centralized certificate authority for controlling SSH access to servers. Users first authenticate through an identity provider to obtain a time-limited signed SSH key, which they then use to authenticate against a system. For authentication, we leverage Okta as a centralized authority for authentication and access control decisions. Leveraging Okta allows us to enforce MFA using FIDO/U2F authentication when accessing red team infrastructure through SSO with Cloudflare Access and GCP. The combination of Cloudflare Access and Okta allows us to enforce a strong user identity and authentication model while enforcing multifactor authentication for all red team services.

In many ways, our process of improving the red team service is metaphorically like "building the plane while flying it." What we mean by this is that our typical approach consists of two- to three-week sprints of internal project time to make significant feature changes and improvements. These improvements must be tangible enough that we can begin making use of them in any future red team engagements. This methodology forces us to focus on making incremental improvements while still maintaining a stable toolset and avoiding over-engineered solutions. Immediately adopting and making use of the automation tooling allows us to identify issues and obtain feedback quickly. Outside of the allocated time for development, we continually make incremental improvements to our tooling during red team engagements, including minor bug fixes or feature changes. Significant new feature ideas, as well as overarching themes/epics, are added to our prioritized backlog.
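One practical point the identity-aware-proxy design on this page leaves implicit is that the backend application (the GitLab service behind Cloudflare Access, in the post's setup) should verify the proxy's signed identity assertion on every request rather than assume that anything reaching it came through the proxy. The following is an added example, not code from the original post and not Cloudflare's or Okta's own code. It uses the `Cf-Access-Jwt-Assertion` request header name that Cloudflare Access sets, but everything else is an assumption: the issuer URL, audience tag and shared secret are constructed, and an HMAC-SHA256 signature stands in for the RS256 signature that a real Access token carries (which would be verified against the team's published public keys). The checks it performs (header present, signature valid, issuer and audience match, token not expired) are the ones that matter regardless of the signing algorithm.

```python
"""Verify an identity-aware-proxy assertion before trusting a request.

Added example, not code from the original post or from Cloudflare/Okta.
Simplified stand-in: real Cloudflare Access tokens are RS256-signed and are
verified against the team's published public keys; here an HMAC-SHA256
shared secret stands in for that signature so the example runs offline.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed values for the example (assumptions, not the post's values).
PROXY_SECRET = b"constructed-shared-secret"
EXPECTED_ISSUER = "https://example-team.cloudflareaccess.com"
EXPECTED_AUDIENCE = "constructed-application-audience-tag"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def issue_assertion(claims: dict, secret: bytes = PROXY_SECRET) -> str:
    """Build a JWT-shaped assertion the way the proxy would (HS256 stand-in)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return "{}.{}".format(signing_input, _b64url_encode(sig))


def verify_assertion(token: str, now=None, secret: bytes = PROXY_SECRET) -> dict:
    """Return the claims if the assertion is genuine and current; raise otherwise.

    Each check closes a distinct gap: a bad signature means the token was
    forged or altered, a wrong audience means a token minted for another
    application was replayed here, and an expired token means the user
    should be sent back through SSO (and MFA) rather than served.
    """
    now = time.time() if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed assertion")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")  # never accept 'none' or a downgrade
    signing_input = "{}.{}".format(header_b64, claims_b64).encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(claims_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if aud != EXPECTED_AUDIENCE and not (isinstance(aud, list) and EXPECTED_AUDIENCE in aud):
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired assertion")
    return claims


def authorize_request(headers: dict, now=None) -> str:
    """Return the verified identity for a request, or refuse it.

    A missing header means the request never passed through the proxy
    (for example, the origin was reachable directly), so it is rejected
    outright instead of being treated as anonymous.
    """
    token = headers.get("Cf-Access-Jwt-Assertion")
    if not token:
        raise PermissionError("no proxy assertion: request did not pass through the IAP")
    claims = verify_assertion(token, now=now)
    return claims["email"]


if __name__ == "__main__":
    issued_at = 1700000000  # constructed timestamp
    token = issue_assertion({
        "iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE,
        "email": "operator@example.com", "iat": issued_at, "exp": issued_at + 3600,
    })
    print(authorize_request({"Cf-Access-Jwt-Assertion": token}, now=issued_at + 60))
```

The same structure applies to the real token: swap the HMAC check for RS256 verification against the key set the proxy publishes, keep the issuer, audience and expiry checks exactly as they are, and make sure the origin accepts connections only from the proxy so that the "missing header" branch is a defence in depth rather than the only gate.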






