Red Team Engagements | TryHackMe
THM room : https://tryhackme.com/room/redteamengagements
Task 1 Introduction
Q.Read the above and continue to the next task.
Answer: No answer
Task 2 Defining Scope and Objectives
Q.What CIDR range is permitted to be attacked?
Answer: 10.0.4.0/22
Q.Is the use of white cards permitted? (Y/N)
Answer: Y
Q.Are you permitted to access “*.bethechange.xyz”? (Y/N)
Answer: N
Task 3 Rules of Engagement
Q.Once downloaded, read the sample document and answer the questions below
Answer: No answer
Q.How many explicit restrictions are specified?
Answer: 3
Q.What is the first access type mentioned in the document?
Answer: Phishing
Q.Is the red team permitted to attack 192.168.1.0/24? (Y/N)
Answer: N
Task 4 Campaign Planning
Q.Read the above and move on to engagement documentation.
Answer: No answer
Task 5 Engagement Documentation
Q.Read the above and move on to the upcoming engagement specific tasks.
Answer: No answer
Task 6 Concept of Operations
Q.Read the example CONOPS and answer the questions below.
Answer: No answer
Q.Based on customer security posture and maturity, the TTP of the threat group: FIN6, will be employed throughout the engagement.
Answer: No answer
Q.How long will the engagement last?
Answer: 1 Month
Q.How long is the red cell expected to maintain persistence?
Answer: 3 Weeks
Q.What is the primary tool used within the engagement?
Answer: Cobalt Strike
Task 7 Resource Plan
Q.Navigate to the “View Site” button and read the provided resource plan. Once complete, answer the questions below.
Answer: No answer
Q.When will the engagement end? (MM/DD/YYYY)
Answer: 11/14/2021
Q.What is the budget the red team has for AWS cloud cost?
Answer: $1000
Q.Are there any miscellaneous requirements for the engagement? (Y/N)
Answer: N
Task 8 Operations Plan
Q.Navigate to the “View Site” button and read the provided operations plan. Once complete, answer the questions below.
Answer: No answer
Q.What phishing method will be employed during the initial access phase?
Answer: Spearphishing
Q.What site will be utilized for communication between the client and red cell?
Answer: vectr.io
Q.If there is a system outage, the red cell will continue with the engagement. (T/F)
Answer: F
Task 9 Mission Plan
Q.Navigate to the “View Site” button and read the provided mission plan. Once complete, answer the questions below.
Answer: No answer
Q.When will the phishing campaign end? (mm/dd/yyyy)
Answer: 10/23/2021
Q.Are you permitted to attack 10.10.6.78? (Y/N)
Answer: N
Q.When a stopping condition is encountered, you should continue working and determine the solution yourself without a team lead. (T/F)
Answer: F
Task 10 Conclusion
Q.Read the above and continue learning!
Answer: No answer