Sep 25, 2007

Colors in Security

This is what I collected from http://taosecurity.blogspot.com/2007/09/security-jersey-colors.html:
  • Red Team: A Red Team is an adversary simulation team. The Red Team attacks the asset to meet an objective. This activity is called penetration testing in the commercial world.

  • Blue Team: A Blue Team is a security posture assessment and evaluation team. The Blue Team determines the vulnerabilities and exposures of an enterprise. This activity is called vulnerability assessment in the commercial world.

  • White Team: A White Team (or usually a "White Cell") controls the environment during an exercise. The White Cell provides the framework in which the Red Team attacks friendly forces. (Note that in some situations the friendly forces are called the "Blue Team." This is not the same Blue Team that conducts vulnerability assessments and evaluations. Blue in this case is simply used to differentiate from Red.)

  • Green Team: The Green Team is usually a training group that helps the asset owners. Alternatively, the Green Team helps with long-term vulnerability and exposure remediation, as identified by the Blue Team. These descriptions are open for discussion because I haven't seen too many green team activities.
In addition, I would also like to add a couple more teams.
  • Black Team: The Black Team is supposedly for forensics and investigation. I chose this color because it matches the "black box" found in all aeroplanes.

  • Brown Team: The Brown Team is the Incident Response Team. They are in charge of everything during an emergency and act/react to bring the situation under control.
P.S.: How come it seems similar to 6-Hat Thinking?

Aug 18, 2007

Intrusion Detection In-Depth

SEC503: Intrusion Detection In-Depth delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence. You will learn the underlying theory of TCP/IP and the most commonly used application protocols, such as HTTP, so that you can intelligently examine network traffic for signs of an intrusion.

The hands-on training (Aug. 5 - Aug. 10, 2007) in SEC503 is intended to be both approachable and challenging for beginners and seasoned veterans. Each exercise comes in two versions. The first contains guidance and hints for those with less experience; the second contains no guidance and is directed at those with more experience. In addition, an optional extra-credit question is available for each exercise for advanced students who want a particularly challenging brain teaser. A sampling of the hands-on exercises:

  • Day 1: Hands-On: Introduction to Wireshark
  • Day 2: Hands-On: Writing tcpdump filters
  • Day 3: Hands-On: IDS/IPS evasion theory
  • Day 4: Hands-On: Snort rules
  • Day 5: Hands-On: Analysis of three separate incident scenarios
  • Day 6: Hands-On: The entire day is spent engaged in the NetWars: IDS Version challenge

Link: Network Intrusion Detection | SANS SEC503 | Intrusion Detection Training

Jul 4, 2007

iPhone root Password Cracked

From Hackint0sh
We managed to obtain and crack the hashes of the user passwords for the iPhone OS. The password for root is “alpine”; the “mobile” user account's password is “dottie”.

Is it sick to have the root password to all iPhones worldwide? Well, not really, there is no terminal yet to log in with.

Jun 14, 2007

A Whitehat Hacker

Vista Recovery Command Prompt

Did you know that the Command Prompt found in Vista's System Recovery Options doesn't ask for a user name or password? And that this Command Prompt gives Administrator-level access to the hard drive, for multiple versions of Windows installed on it?

All you need is a Vista Install DVD and you're all set to go.
  • Just boot from the DVD and select the Repair option.
  • Then select the Command Prompt.
  • And you'll end up with an Administrator-privileged Command Prompt.
Interesting. You can find more details from Mr. Kimmo Rousku.
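The caveat a practitioner should take from this: the repair-disc prompt only helps an attacker because the system volume is readable offline. Full-disk encryption (BitLocker, shipped with Vista Enterprise and Ultimate) is what closes that door, so the check to run is "which volumes are actually protected?". The script below is an added example, not code from the original post or from Kimmo Rousku's write-up; it parses the output of BitLocker's manage-bde status command and flags any volume whose "Protection Status" is not "Protection On". The manage-bde transcript in `$sample` is constructed here for offline testing, and the assumption that the tool is reachable as `manage-bde` on your PATH (Vista shipped it as manage-bde.wsf, run through cscript; later Windows versions have manage-bde.exe) is mine.

```powershell
# Added example: report volumes that an offline boot (repair disc, live CD) could read.
# Parses the "Volume X:" / "Protection Status:" pairs printed by: manage-bde -status
function Get-VolumeProtection {
    param([string]$StatusText)   # raw text output of manage-bde -status
    $results = @()
    $current = $null
    foreach ($line in ($StatusText -split "`r?`n")) {
        if ($line -match '^Volume\s+([A-Z]:)') {
            # start of a per-volume block, e.g. "Volume C: [OS]"
            $current = $Matches[1]
        }
        elseif ($current -and $line -match 'Protection Status:\s+(.+?)\s*$') {
            $results += New-Object PSObject -Property @{
                Volume    = $current
                Protected = ($Matches[1] -eq 'Protection On')
            }
            $current = $null
        }
    }
    return $results
}

# Constructed sample transcript (not real output from any machine):
# one encrypted OS volume, one unprotected data volume.
$sample = @"
BitLocker Drive Encryption: Configuration Tool version 6.0.6001
Copyright (C) Microsoft Corporation. All rights reserved.

Volume C: [OS]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100%
    Protection Status:    Protection On
    Lock Status:          Unlocked

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0%
    Protection Status:    Protection Off
    Lock Status:          Unlocked
"@

# Prefer live output when manage-bde is on the PATH (needs an elevated prompt);
# otherwise exercise the parser on the constructed sample.
$text = if (Get-Command manage-bde -ErrorAction SilentlyContinue) {
    (manage-bde -status | Out-String)
} else {
    $sample
}

foreach ($v in (Get-VolumeProtection -StatusText $text)) {
    if ($v.Protected) {
        "$($v.Volume) BitLocker protection on"
    } else {
        "$($v.Volume) NOT protected: a repair-disc command prompt can read it offline"
    }
}
```

On the constructed sample this reports C: as protected and D: as not protected. Note that "Protection On" only means the key protectors are active; a TPM-only configuration still unlocks the OS volume automatically at boot, so anything that boots the installed Windows normally (rather than the repair disc) still reaches the disk. A pre-boot PIN or startup key is the stronger setting when the threat is someone with the machine in hand.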

This kind of reminds us of a Windows XP Home feature. The built-in Administrator account on XP Home has a blank password by default and is hidden from the Welcome screen in normal mode. But if you press F8 during boot and choose Safe Mode, you can log in to the Administrator account and have complete access to the computer.

Physical security of your computer is paramount.