Notes For Try Hack Me Red 2
Just some notes for myself
Rules of Engagement
The RoE is a legally binding outline of the client's objectives and the agreed scope of the engagement. NDAs can also be used alongside it.
| Section | Detail |
|---|---|
| Executive Summary | Summary of the contents and authorization within |
| Purpose | Why the RoE is used |
| Reference | References used |
| Scope | Agreed-upon restrictions and guidelines |
| Definitions | Technical terms used |
| Rules of Engagement and Support Agreement | Defines the obligations and technical expectations |
| Provisions | Define exceptions and additional info. |
| Requirements, Restrictions, and Authority | Define expectations of the red team. |
| Ground Rules | Limitations of the red team |
| Resolution of Issues/Points of Contact | Contains all essential personnel |
| Authorization | Statement of authorization for the engagement |
| Approval | Signatures from both parties |
| Appendix | Additional info. |
Engagement Planning
Engagement Plan:
An overarching description of the technical requirements of the red team. Contents can include: CONOPS, Resource Plan (timelines and information as a list: personnel, hardware, cloud requirements)
Operations Plan:
Specifics of the engagement, expanding on the engagement plan. Contents can include: Operators, known information, responsibilities, stopping conditions, technical requirements
Mission Plan:
Exact commands to run and the execution timing of the engagement. Contents (required): Objectives, Operators, Exploits/Attacks, Targets (users/machines/objectives), Execution plan variations
Remediation Plan:
Describes what happens after the campaign. Contents: report, remediation consultation
CONOPS (Concept of Operation)
The CONOPS document is a non-technical summary, written on the assumption that the reader has zero technical background. It should still include details such as common tooling, the target group, etc. These include:
- Client name
- Service provider
- timeframe
- General Objectives/Phases
- Other Training Objectives (Exfiltration)
- High-Level Tools/Techniques planned to be used
- Threat group to emulate (if any)