What is Offensive Cybersecurity

In information security, unfortunately, there is no ideal state that can be achieved and no longer worry. Being safe is like being in love: it’s not just for you, it needs to be done all the time.

Let’s say you have a code phrase from a crypto wallet — your main, expensive information asset. Several managers work with this wallet: they interact with exchange APIs, send transactions, and so on.

Storing a password in plain text, on a monitor or on a piece of paper is dangerous and inconvenient. Therefore, there are special architectures for working with services and identification data.

The task of offensive security is to test these architectures, look for potential vectors and opportunities to penetrate the protective perimeters of the network. Accordingly, in information security there is a conditional division into Blue Team (defenders) and Red Team (attackers).

Frame: the movie “Sonic 2 in the cinema”

Blue Team is primarily sysadmins and specialists in responding to cyber attacks. They mostly have administrative work: they need to constantly monitor what is happening and respond to cyber incidents in a timely manner.

Red Team is an offensive team. Its task is to simulate the actions of a potential attacker and train security specialists. And the “reds” are also investigating software for vulnerabilities and potential flaws in the configuration used by the customer, looking for ways to bypass the antivirus and doing other seemingly destructive, but in fact very creative work.

No one expects the red and blue teams to close all vulnerabilities. The purpose of their confrontation is to evaluate the effectiveness of the defenders, to train them in conditions as close as possible to the target attack of trained intruders. The Red team needs to detect and exploit the most dangerous and non-obvious attack vectors and at the same time remain unnoticed. Detailed team reporting and timing allows you to detect weaknesses and improve the actions of the defenders during real attacks. In some cases, the blue team may leave some attack vectors “unpatched” and strengthen monitoring to detect attempts of real attacks by intruders in a timely manner.