Welcome back, everyone. Ready for another deep dive? Today, we're going to be exploring the world of physical red teaming. Oh, interesting. Yeah, we've got an excerpt from this book, Physical Red Team Operations. Okay. By Jeremiah Talamantes. It's, well, it's all about how security professionals test physical security, you know, like in the real world, right? And they actually use the same tactics as, like, real world bad actors would.
So kind of like thinking like the enemy to beat them, Yeah, at our own game.
And you know, it's funny. The book starts off with this this crazy story about a group of hackers who actually like infiltrated a US oil refinery.
Whoa really yeah, not virtually, I'm assuming no, like.
Physically got inside.
Oh wow, that's a what do they use like some high tech method to do that?
No, that's the thing, they didn't. Oh wow. It was all like walkie talkies, lock picks, ladders, like basic stuff. But they applied it all strategically.
That's interesting, that they didn't use some super high tech method. It was more, yeah, just basic stuff.
Yeah. And it's almost like more unsettling, right that it was so low tech.
Yeah, if they can get into a refinery that easily. What else is vulnerable?
Right? Like, if a refinery is vulnerable to that, what about other places? Right? Yeah? And the author he was actually hired to like test their security. He even said, and I quote the implication is pretty devastating.
Yeah, I can see why he'd say that. It really exposes how there's this gap between perceived security and actual vulnerability. Totally. Like sometimes the simplest method is the most effective, absolutely, especially if you can exploit human error or complacency.
Okay, so this leads us to the methodology that the book outlines. It's called REDTEAMOPSEC.
REDTEAMOPSEC, okay. Yeah, and.
It's a twelve step process. It's kind of like a military operation.
Wow, twelve steps. Yeah, so what is that? What does that acronym actually stand for?
So it's rules of engagement, reconnaissance, direct preparations, trigger mobilization, execute staging, assess and acclimate, maneuver operations, offensive strike, penetrate and control, secure OPORD, and then evacuate, evade, and cover. Hmm. Oh wow. Yeah.
So it's it's pretty Uh, that's a mouthful. It's a mouthful, but you know, it makes sense that it would be so structured given like the sensitive nature of what they're doing, And the book uses a lot of imagery, you know, of soldiers and weapons really, which really emphasizes how seriously these teams take their work.
Yeah, it makes you really realize it's not just a game exactly, it's their real world consequences.
Yeah, so before we before we break down this whole methodology, let's let's clarify what exactly is physical red teaming. Yeah, what are we actually talking about?
Yeah, when we say that, it's essentially i'd say it's all about understanding a target's vulnerabilities from an attacker's perspective. So it's more than just breaking in. It's about identifying the most likely ways that someone could attack based on the target's own threat profile.
Okay, so, like if you're testing the security of a bank, you'd need to think about how a bank robber would act as opposed to say.
A vandal. Exactly. You have to tailor the approach to the most realistic threats. And that's where this concept of TTPs comes in. TTPs: tactics, techniques, and procedures. By actually studying the patterns that real world bad actors use, red teams can create these realistic simulations, okay, to see how the target would actually respond in a real situation.
Oh, so they're not just trying to get in any way possible, they're trying to get in the way that a real attacker would. Yes, which makes the test that much more valuable.
Absolutely. And that leads into a very important aspect of physical red teaming, which are the rules of engagement, or ROE. This is essentially a contract that outlines the specific boundaries and limitations of the operation, so.
Things like like what areas are totally off limits, what tactics are acceptable, how to handle potential damage to property exactly.
It's all about ensuring that everything's done ethically, legally and with you know, minimal disruption to the client. And damage to property is a big one because sometimes it's necessary to kind of simulate a real attack, like you know, picking a lock or disabling a sensor, but that is always discussed and agreed upon with the client beforehand.
Right like in that lock example you were talking about, before damaging the lock might be okay if that's like a really common way that people attack that type of facility, and the client knows and understands the risks.
And the cost precisely, it's a delicate balance, you know, between realism and the client's needs, and clear communication and documentation are absolutely essential throughout this entire.
Process, right, Transparency is key.
Yes.
So once those those ground rules are set, then the Red team can get to like I think the most exciting part, which is reconnaissance, you know, getting to be sneaky and all that. Yeah.
So what's their definition of reconnaissance?
Let me see, hold on. The book defines it as a mission to obtain information by visual observation or other detection methods about the activities and resources of an enemy or potential enemy, or about the meteorological, hydrographic, or geographic characteristics of a particular area. Oh wow. That's from Reconnaissance, US Army FM 7-92, Chapter 4.
Okay, So basically just gathering intel before you before you make your move.
Yeah, exactly. And the book outlines a specific process called the covert reconnaissance method covert reconnaissance method, uh huh, which is a six step system for gathering information and verifying your goals for repeatable results.
Okay, so six steps.
Yeah, it all starts with gathering open source intelligence, or.
OSINT. So like Internet sleuthing essentially. Yeah, pretty.
Much, okay, And it's really amazing what you can find out about people and places just by you know, searching online. Like the book actually mentions how even a simple name like John Doe can be turned into actual actionable intel.
Hmmm.
It's kind of crazy, it is.
It just highlights how much information is available, i know, right in the digital age.
It's crazy for everyone.
And how Red teamers can use that to their advantage.
Yeah, but it's not it's not just about online research.
What else is there?
The next step is estimating resources resources, which includes things like time and travel, right, yeah, especially for you know multi day operations.
Yeah, especially those those.
Logistical details can really, you know, make or break a mission.
Sure. So it's not just about being like sneaky and picking locks, No, it's it's about the planning, the logistics and being able to adapt to like unexpected challenges.
Yeah, exactly. And the book also highlights a very specific method for tactical guidance during you know, execution. It's called RECONCU, which stands for contact conceal capture. It emphasizes how how it's like a multi layered approach to planning and carrying out these operations.
That's really interesting how much goes into all of this. It's a lot more than I thought.
Yeah, so even if we're not, you know, planning to infiltrate oil refineries, what can we learn from all this? What does all this mean for you know, the average person?
I think I think the biggest takeaway is that security is often about more than just technology. It's about understanding human behavior, identifying weak points, thinking like an attacker so you can stay one step ahead.
It's like a mental exercise in risk assessment.
Yeah, exactly.
Even in our daily lives, we should be thinking, what are my weak points? What would someone who's motivated, what would they try to exploit?
Exactly. You have to develop that security mindset, which you can apply to anything from your home to your work to your online accounts.
That's a really good point. It's about being proactive and thinking critically about you know, our own security.
Posture, right, And as technology and physical security become more and more intertwined, this is going to be even more important.
That's a great segue to what we'll be exploring next time. Actually, I'm going to dive into some of the specific tactics and tools that red teams use during those, like, really intense offensive strike operations. Oh okay. Yeah, I think lock picking, bypassing alarms, and even, you know, dealing with those like ever present security cameras.
Oh, that's going to be interesting. So that's where the planning meets the real world challenges.
Yeah, that's going to be fun. Stay tuned for part two, where we unpack the tools and techniques of physical red teaming.
Welcome back. Let's delve into that tactical side of physical red teaming, specifically those, you know, heart-pounding offensive strike operations.
Okay, I'm ready to get tactical. So we talked about all the planning and reconnaissance that goes into a red team operation. But now let's imagine the team's actually on site, they're ready to put that plan into action. What like, what are some of the first obstacles they might encounter.
So one of the most common things you'll see are ground sensors.
Okay.
These are devices that are you know, designed to detect any movement or vibrations in the ground. They're often used to protect like perimeters or like sensitive areas.
So like those pressure plates you see in movies that trigger like traps, and stuff.
Yeah, similar concept, but they're much more sophisticated. Okay, they're often buried underground, so they're really hard to spot.
Oh that sounds tricky. How do they even know if they're there?
Well, sometimes you can, you know, see signs of them, like you might see some cabling or some disturbed earth. But oftentimes it really requires there is a bit of cleverness. Like the book actually mentions this story, okay, where a Red Team volunteered to walk dogs at a nearby humane society just to get a closer look at the facility without you know, raising any suspicion.
They used dog walking as a cover for reconnaissance.
It's a pretty good cover, you know, in this case. It gave them a plausible reason to be there, and it allowed them to you know, scan for any telltale signs of those ground sensors. But you have to make sure that your your cover story actually aligns with your your profile, right and the environment.
Yeah, it has to be believable, right. Okay, So let's say they actually, you know, identify that there are ground sensors, then what how do they deal with them?
Well, one tactic that the book mentions is to actually create a series of false alarms interesting to kind of overwhelm the system and like desensitize those security personnel.
Oh so it's like the Boy who Cried Wolf. Yeah, but for secure systems exactly.
But it does require you know, pretty precise timing and execution. If the red team ends up triggering like a real response, right, well, that could compromise the whole mission. But when it's done right, it can really create a window of opportunity.
Okay, so false alarms are one option. What are some other ways to deal with these with these ground sensors, Well.
Another tactic is to use tools to physically disable them, okay, or to disrupt their signals. Okay, but this requires you know, technical knowledge of how those systems work and having the right equipment to do it safely.
So like some kind of high tech gadget that like sends out a jamming signal or something.
Yeah, there are definitely specialized tools for that, but sometimes even something as simple as like a well placed piece of metal can disrupt a sensor signal.
Right.
It all depends on the type of sensor and the environment.
So it's a combination of like technical know how and and creative problem solving. Okay, so ground sensors are just one layer of security. What else is there?
Well, another common obstacle is fencing, particularly anti climb fencing, you know, designed to prevent people from climbing over it.
Right. Yeah, so I'm guessing like a simple boost from your buddy is not going to work here.
No, anti climb fencing usually has this like very narrow mesh pattern that's really hard to grip, and a lot of them even have like barbed wire or spikes along the top.
Ouch. Okay, so how do red teams get past that? Like? Do they just bring ladders?
Sometimes? Yes, But again the choice of tools and tactics always depends on the situation and the rules of engagement, Like a ladder might be too obvious or too risky.
Okay, so what are their options then?
Well, they might use things like wire cutters or bolt cutters, or even specialized climbing gear. It really depends on what kind of fencing it is, right and how you know, what level of security we're talking about. But sometimes it's about exploiting a weakness in the fence's design or how it was installed.
Oh okay, so they have to be like part engineer, part athlete and part detective.
Yeah, pretty much. Physical red teaming requires a pretty diverse skill set.
I bet okay. So they bypassed the ground sensors, they scale the fence. What's next? Are they home free? Not quite?
They still have to contend with locks, which is another you know, ubiquitous security measure.
Oh yeah, right, the good old fashioned lock and key. I wouldn't have thought those would be so relevant in our like high tech world.
You'd be surprised. Locks are everywhere and they come in a pretty surprising variety and complexity.
So how does a red team approach something as seemingly simple as a lock? Like? Do they just carry around like a giant key ring with every key imaginable?
It wouldn't be very practical, would it? No.
Probably not.
While having a variety of tools is definitely helpful, the key is knowing which tool to use for which lock. It's about understanding the mechanics of all the different lock types and what techniques you can use to bypass them.
So are we talking lock picking here like you see in spy movies?
Exactly? Red teamers are usually pretty skilled in a variety of lock picking techniques. They use tools like tension wrenches, picks, rakes, even specialized electric lock picks for those more advanced locks.
Electric lock picks, Now that sounds pretty high tech.
Yeah. Technology is always evolving, and lock picking tools are no exception. But even with advanced tools, it still requires a lot of skill and a lot of practice.
I bet it's a pretty satisfying feeling when you finally hear that click and that lock opens.
I'm sure it is. But it's important to remember all of these skills are used in a controlled, ethical environment. You know, this is part of a professional security assessment.
Right of course, it's all about helping those organizations improve their security. Yeah, you know, not causing chaos precisely. Okay. So let's say they've gotten past the ground sensors, the fence, the locks, Okay, they're in.
What comes next, Well, they'll probably encounter some alarms, right, which are you know, another layer of security that's pretty common in these types of environments, And alarms can be really tricky because they're designed to trigger that you know, really quick response.
Yeah, I'm picturing like flashing red lights and sirens going off. So how do how do red teams deal with that? Like? Do they just sprint for their objective and hope they're like fast enough.
Well, it's a little more finesse than that. Red teams need to understand all the different types of alarms and how to bypass them. For example, motion sensors are often used to detect any movement in specific areas.
Like those laser beams you see in like heist movies and stuff.
Yeah, that's the Hollywood version, right, but in reality they're often much more discreet. They use infrared or microwave technology to detect movement.
Okay, so how do you how do you even get past a motion sensor without setting off the alarm? Do you have to like freeze like a statue?
It's it's not quite that simple. There are a few techniques, and they range from you know, maybe disabling the sensor itself to using some kind of distraction or just carefully navigating the environment so you can avoid the sensor's detection range.
So like maybe toss a tennis ball to distract it potentially, or crawl on your belly to stay below its line of sight.
Yeah, could involve things like that. It all requires careful observation and really understanding how that sensor works.
It must be pretty intense trying to, like, move through a secured environment knowing that one wrong step could trigger the alarm and, like, bring the whole operation to a screeching halt.
Oh yeah, there's definitely a lot of pressure. And motion sensors are just one type. Contact sensors, which are often used on doors and windows, are another challenge they'll face.
So if you if you open a door or a window that's protected by a contact sensor, then the alarm goes off exactly.
It's based on this simple circuit that breaks when the door or window opens.
Okay, so how how do red teams deal with that? Do they have to find a way to open it without actually breaking the circuit?
That's one approach, like maybe carefully shimmying a window open without unlatching it, or using a tool to bypass a sensor.
Yeah, that sounds like it would require a lot of skill and like precision.
Yeah, you definitely need a delicate touch when you're working with contact sensors. But like with any challenge in physical red teaming, it's all about understanding that system and finding that way to exploit its weaknesses.
It's really fascinating how much of this is about kind of outsmarting technology. Yeah, almost like a game of chess.
There's definitely a strategic element to it. But we can't forget about maybe the most pervasive security measure we see today, which are cameras.
Oh right, cameras are everywhere these days. Everywhere. It feels like we're, like, constantly being watched. So how do red teams operate under that kind of surveillance? Do they have to, like, be ninjas dodging spotlights and leaping from rooftop to rooftop?
It's not quite as dramatic as that, but you know, avoiding cameras is a critical part of the job.
Okay.
Red teams will spend a lot of time studying blueprints, you know, analyzing camera footage, mapping out that whole environment just to identify any blind spots or any areas where they can move undetected.
So it's about like understanding those limitations of the camera system and using the environment you know, to your advantage.
Right, it might involve using shadows, staying low to the ground, timing your movements to those blind spots in the cameras coverage.
Okay, but what if what if avoiding them is just not possible? Like what if they absolutely have to go through an area where there are cameras everywhere.
In those cases, they might resort to other tactics like using disguises or blending in with the crowd to avoid being easily identified.
So like maybe putting on a janitor's uniform, yeah, or, you know, just casually strolling past with a group.
Of tourists exactly. It's all about being creative, using deception to make yourself less conspicuous.
What if even that's not enough, what if they actually need to like disable a camera temporarily.
Well, there are ways to do that, but those are really those tactics are a last resort and only if it's specifically outlined in the in the rules of engagement.
Right, because you don't want to like cause any unnecessary damage or raise any unnecessary alarms, right. It's about being strategic and minimizing risk.
Absolutely, and it's important to reiterate these techniques are only used in a controlled and ethical environment as part of a professional security assessment.
Of course. So we've talked about ground sensors and fences and locks, alarms, cameras. It sounds like like every step of the way there's another challenge to overcome.
Right.
But let's say the Red Team has navigated all these obstacles, they've reached their objective. What happens next, Well.
That's when they move into the penetrate and control phase.
And that I mean that sounds that sounds pretty self explanatory, but what does what does that actually involve?
It's basically about establishing that foothold within the target environment, maintaining control of the situation, and ensuring that the mission objectives are met.
So it's not enough just to get in. They have to be able to stay there and carry out their plan.
And that might involve things like setting up like a temporary command post, securing their communication lines, or even you know, disabling additional security measures just to create that safe operating space.
I bet that takes a lot of a lot of situational awareness. Oh yeah, and the ability to like think on your feet.
Absolutely. The penetrate and control phase is often very unpredictable. Yeah, and they need to be prepared for anything.
Okay, So what what are some of the key considerations during this phase?
Well, one important factor is the duration of the operation. How long does the Red Team need to remain in to actually, you know, accomplish everything they need to.
Do, right, because I imagine the longer they stay in there, the more likely they are to be contacted.
Exactly, So you have to carefully balance that need to gather information with minimizing their exposure.
Right. Okay, what else, Well.
Another key consideration is communication. How do they maintain contact with.
Their base, right, because they can't exactly just like pull out their cell phones and start texting each other.
No, they have to use secure communication methods that won't, you know, compromise their location or the entire mission.
So think like encrypted radios or specialized messaging apps exactly.
And communication is crucial not only for relaying information, but for coordinating their actions and responding to anything unexpected that happens.
So it's like the lifeline. Yeah, that connects them to the outside world. Precisely. Okay. So the Red team has established control, they're communicating effectively, they're carrying out their mission.
What happens next? Well, eventually they're going to have to exfiltrate. Exfiltrate?
That sounds a little dramatic.
Yeah, but it just means leaving the target environment, okay, safely and discreetly.
Right, And I'm guessing that's not as easy as just you know, walking out the front door.
Not usually. The Red Team has to very carefully plan their exit route, taking into account any potential obstacles, security patrols, surveillance systems.
So it's like a it's like a strategic retreat, minimizing minimizing risk at every turn.
Yes, and communication is still crucial in this phase. They have to stay in contact with their base, letting them know where they are and if there are any obstacles or any.
Threats, so if something unexpected happens, they can you know, call for backup or change their plans.
Right. Flexibility is essential.
Okay, So let's say the Red Team has managed to evade all those security measures and they've made it back to their rendezvous point. What happens next? Do they all go out for like pizza to celebrate a successful mission.
Well, a celebratory pizza might come later, but first there's the debriefing process. That's where the team gathers to share their observations, you know, their insights, and any evidence they've collected.
So we're talking notes, photos, videos, maybe even like physical samples of locks or security systems.
Yes, all of that, and all that information is carefully documented and analyzed to identify vulnerabilities, assess how effective the current security is, and develop recommendations on how to make things better.
So the exfiltration isn't just about escaping, it's about bringing back that valuable intelligence that they can use to make the target environment more secure. Exactly.
And that's the ultimate goal of physical red teaming, identifying and mitigating those weaknesses before a real attacker can exploit them.
Well, I think we've explored just about every aspect of physical red teaming in this deep dive, from the planning and reconnaissance to those daring offensive strikes to the strategic retreat of exfiltration. It's been a wild ride.
We've really delved into the mindset, the methodology, and those tactics that they use to test and strengthen security.
It's clear that this line of work takes like a unique blend of technical expertise and physical ability and strategic thinking and like a good dose of creativity.
Absolutely, physical red teaming is challenging, but it's vital in today's world.
So as we wrap up, I want to leave our listeners with one final thought to ponder. In an age where technology is constantly evolving and security threats are becoming more sophisticated. How will physical red teaming adapt, you know, what new tools and tactics will they come up with. How will they continue to push the boundaries to ensure that our critical infrastructure and sensitive information are protected.
It's a great question. The world of security never stands still no, and red teaming is going to have to evolve right along with it.
Yeah, it's a reminder that security is an ongoing process. It's a constant like game cat and mouse between those who are trying to protect things and those who are trying to you know, exploit them.
I agree, and understanding the principles of physical red teaming can help us all, you know, just become more aware of our own security vulnerabilities and hopefully, you know, take steps to mitigate those risks, whether it's in our homes, our workplaces, you know, yeah, even online.
That's that's a really good point. Well, thank you for joining us for this deep dive into the world of physical red teaming. We hope you found it informative, thought provoking, and maybe even a little bit inspiring. Until next time, stay curious, stay vigilant, and stay secure.
We're back and ready to wrap up our deep dive into physical red teaming. We've talked about like everything from the planning and recon to those, you know, those crazy offensive strikes. But as we've learned, getting out can be just as hard as getting in.
Absolutely, exfiltration is a final act and it really requires that same level of planning and careful execution as every other part of the operation.
So let's talk about that art of, like, you know, disappearing. What are some of the key things to keep in mind for really successful exfiltration?
Well, the biggest thing is avoiding detection. The teams work so hard to stay under the radar, you know, they don't want to blow their cover at the last minute.
Right, imagine making it through the whole mission, and then like tripping an alarm or getting caught on camera, you know, on your way out, What a way to ruin a perfectly good infiltration.
Right. So the exit route it's usually just as carefully planned as the way in. The team, you know, they'll analyze maps, they look at security patrols, and they try to identify those like blind spots or weaknesses they can use.
So I'm picturing like back alleys, service entrances, maybe even blending in with the crowd to make a quiet exit.
Yeah, all of those are possibilities. And they'll also think about the time of day, the weather, you know, anything that could affect how visible they are.
It's like a strategic retreat, you know, minimizing risk every step of.
The way, right, they're not just running for the hills.
Yeah, exactly. And communication that's got to still be really important during this part.
It is the team needs to stay in contact with their base, letting them know their location, any obstacles, any threats they might encounter, so.
Something unexpected pops up, they can call for backup, adjust their plans exactly.
Yeah, that flexibility is so important.
Okay, so let's say, you know, they make it past all the security measures and they're back at their meeting point. Yeah. What happens then? Do they all go out for pizza to celebrate?
Huh, Well, the pizza might come later. First comes the debriefing. That's where the team gets together and they share, you know, their observations, their insights, any evidence they've gathered, so.
Notes, photos, videos, maybe even like physical pieces of locks or security systems they've gotten their hands.
On, exactly, and all of that is carefully documented and then analyzed to you know, really figure out where the vulnerabilities are, how effective the security measures were, and what recommendations they can make for improvement.
So exfiltration isn't just about getting away, it's about bringing back that valuable information to make things more secure.
Yeah, and that's really the whole point of physical red teaming, finding those weak spots and fixing them before a real attacker can use them.
I think we've really covered every angle of physical red teaming in this deep dive, from that super detailed planning to those, you know, those intense offensive strikes, to that strategic retreat of exfiltration. It's, it's been pretty fascinating. It has.
We've gone deep into the mindset, the methodology, you know, the actual tactics that these professionals use to test and strengthen security.
And it's clear this line of work takes a special combination of skills, technical expertise, physical ability, strategic thinking, and a whole lot of creativity.
Absolutely, physical red teaming is a challenging field, but it's incredibly important in the world today.
So as we wrap up this episode, I want to leave our listeners with something to think about. In a world where technology keeps changing and those security threats becoming more and more complex. How will physical red teaming keep up. What new tools and tactics will they need to develop, How will they continue to push the boundaries to make sure that you know that our critical infrastructure and all our sensitive information stay protected.
It's a great question to consider. The world of security never sits still, and red teaming has to change and adapt right along with it.
Yeah, it's a constant reminder that security is an ongoing process. It's a never ending game, you know, between the people who are working so hard to protect things and those who are looking to exploit them.
Right, and I think understanding the principles of physical red teaming can help all of us be more aware of those security vulnerabilities in our own lives and hopefully take those steps to minimize those risks, whether it's at home, at work, or even online.
Well said. Thank you for joining us for this deep dive into the world of physical red teaming. We hope you found it, you know, informative and interesting and maybe even a little bit inspiring. Until next time, stay curious, stay vigilant, and stay secure.
