# Introduction

## Teams involved in security

* red: attack team
  * tests the effectiveness of security by performing attacks
* blue: defend team
  * defends against attacks by constantly surveilling the network
* yellow: build team
  * builds the applications that are used by the other teams
* sharing knowledge
  * orange: builders learn from attackers
  * green: builders learn from defenders
  * purple: defenders learn from attackers

![Teams](img/ch01/security-teams.jpg)

## Penetration testing

### Penetration testers <-> red teams

* penetration testing
  * methodical approach
  * limited by Rules of Engagement (restricted scope)
  * 1-2 week engagement
  * generally announced
  * goal is to assess the security of the network and systems
* red team
  * flexible approach
  * anything goes (as long as it's legal)
  * 1 week to 6 months engagement
  * no announcement
  * goal is to test the general security posture of the company

### Penetration testing <-> vulnerability assessments

* penetration testing
  * find vulnerabilities, both automated and manually
  * exploit them
  * attempt to gather confidential data
  * intended to go deeper and focus on technical issues
* vulnerability assessment
  * find vulnerabilities through automated means
  * don't exploit them or gather data
  * broader and often includes explicit policy and procedure review

### Assumed breach exercise

* pentest where the attackers are assumed to already be inside
  * malware is dropped inside the company boundaries
* getting caught is not the end -> reset and try again
* **Time To Detect** (TTD): how long it takes to notice the breach
* **Time To Mitigate** (TTM): how long it takes to perform corrective action

### Useful resources

* [MITRE](https://attack.mitre.org/): knowledge base of attack tactics and techniques
  * explanation of **TTP**s (Tactics, Techniques and Procedures)
* [APT Groups and Operations](https://apt.threattracking.com/): Google doc containing a list of dangerous groups
* [Cyber Fundamentals](https://atwork.safeonweb.be/nl/tools-resources/cyberfundamentals-framework): concrete measures on how to protect data and ensure safety in a company
  * four assurance levels
  * five core functions
    1. identify
    2. protect
    3. detect
    4. respond
    5. recover
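The two metrics from the assumed breach exercise above, TTD and TTM, are only useful when they are computed the same way for every attempt, including the attempts the blue team never noticed. The following is an added example, not part of the original notes or of any framework they reference: it defines a record per red-team attempt (one per "reset") and computes TTD, TTM and their medians, reporting undetected attempts separately instead of silently dropping them. The `Attempt` layout and the timestamps in `ATTEMPTS` are constructed for illustration.

```python
"""TTD/TTM computation for an assumed-breach exercise (added example, constructed data)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median
from typing import Optional


@dataclass(frozen=True)
class Attempt:
    """One red-team attempt: implant dropped, blue team noticed, blue team acted.

    This record layout is an assumption of the example, not a standard format.
    """
    attempt_id: int
    breach_at: datetime
    detected_at: Optional[datetime] = None   # None: the attempt was never detected
    mitigated_at: Optional[datetime] = None  # None: no corrective action recorded


def time_to_detect(a: Attempt) -> Optional[timedelta]:
    """TTD: time from breach to detection. None when the attempt was never detected."""
    if a.detected_at is None:
        return None
    if a.detected_at < a.breach_at:
        raise ValueError(f"attempt {a.attempt_id}: detected before the breach happened")
    return a.detected_at - a.breach_at


def time_to_mitigate(a: Attempt) -> Optional[timedelta]:
    """TTM: time from detection to corrective action. None without detection or mitigation."""
    if a.detected_at is None or a.mitigated_at is None:
        return None
    if a.mitigated_at < a.detected_at:
        raise ValueError(f"attempt {a.attempt_id}: mitigated before detection")
    return a.mitigated_at - a.detected_at


def summarize(attempts: list[Attempt]) -> dict:
    """Medians over the detected attempts plus an explicit count of undetected ones.

    Undetected attempts are excluded from the medians but reported on their own;
    counting them as zero or dropping them silently would flatter detection.
    """
    ttds = [time_to_detect(a) for a in attempts]
    ttms = [time_to_mitigate(a) for a in attempts]
    detected = [d for d in ttds if d is not None]
    mitigated = [m for m in ttms if m is not None]
    return {
        "attempts": len(attempts),
        "undetected": sum(1 for d in ttds if d is None),
        "median_ttd": median(detected) if detected else None,
        "median_ttm": median(mitigated) if mitigated else None,
    }


# Constructed sample: four attempts over two days, the third one never detected.
_D1 = datetime(2024, 3, 4)
_D2 = datetime(2024, 3, 5)
ATTEMPTS = [
    Attempt(1, _D1.replace(hour=9), _D1.replace(hour=11, minute=30), _D1.replace(hour=12, minute=15)),
    Attempt(2, _D1.replace(hour=13), _D1.replace(hour=13, minute=20), _D1.replace(hour=14, minute=50)),
    Attempt(3, _D1.replace(hour=15)),  # reset never triggered: blue team missed it
    Attempt(4, _D2.replace(hour=9), _D2.replace(hour=9, minute=40), _D2.replace(hour=10, minute=10)),
]

if __name__ == "__main__":
    for a in ATTEMPTS:
        print(a.attempt_id, "TTD:", time_to_detect(a), "TTM:", time_to_mitigate(a))
    print(summarize(ATTEMPTS))
```

On the sample data the median TTD is 40 minutes and the median TTM 45 minutes, with one of four attempts undetected; that last figure is the one a report should lead with, because a median computed only over detected attempts says nothing about the attempts that were missed.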