Hi Readers, it’s me again!
“Red light, green light” is one of the six survival horror games in the popular Netflix series Squid Game. Fortnite, Minecraft, Grand Theft Auto 5 and other online games (I couldn’t list them all, since the list goes on) have given us ways to experience the twisted world of Squid Game safely, in the comfort of our homes or wherever you decide to try the games out virtually. “What does ‘red light, green light’ have to do with today’s topic?” you may ask. The survival games in Squid Game are scary, mind-boggling and sadistic, but in cyber security we deal with incidents such as data breaches and ransomware that are hugely detrimental too, minus the gore in most cases, I guess.
The key point of today’s blog discussion: how can cybersecurity practitioners safely experience these dreadful incidents through a virtual medium and the creative means provided by the game developers?
For cybersecurity practitioners there is also a game, one that I call the ‘red team, blue team’ game. This game is hugely beneficial for an organization to measure its security readiness in preparation for impending cyber-attacks. Advanced Persistent Threats (APTs) are highly sophisticated, and threat actors will always find ways to intrude or cause harm. We don’t want to be caught with our pants down, because that would be a nightmare and pretty embarrassing. We can at least put up pre-emptive measures beforehand to save face and minimize the impact.
In a ‘red team, blue team’ game there are two sets of players: the red team and the blue team. The red team’s role is to mimic a cyber-attack, intruding and causing harm, while the blue team is supposed to defend against and respond to the red team’s attack. This is much like the fire drills that firefighters run for awareness purposes, exercising what to do before, during and after a fire.
Those who follow my blogs will be able to guess the technology I’ll be using in this post. Yes, we are using Docker, and let me introduce a tool that is great to have in the ‘red team, blue team’ game: VECTR.
VECTR is a tool developed by Security Risk Advisors. It facilitates the tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios. Those who would like to read more can go to https://docs.vectr.io/. Enjoy reading! For the ones who are far too excited and can’t wait to begin, buckle up and follow the steps I’ve listed below.
- Download the VECTR release from the link below.
- https://github.com/SecurityRiskAdvisors/VECTR/releases/tag/ce-8.0.5 (this is the latest version at the time of this posting).
- Click on sra-vectr-runtime-8.0.5-ce.zip to download the Docker Compose bundle for the tool, and unzip the file when the download finishes.
- Now you should see the docker-compose.yml file.
- Edit the hosts file of your device according to its operating system and add an entry that maps “sravectr.internal” to localhost (127.0.0.1). You can change the hostname to your preference, but remember to edit the VECTR_HOSTNAME variable in the .env file to match.
- By now you should know the drill. Open up your terminal and run the command “docker-compose up -d”.
- Let the images finish downloading; this might be a good time to watch Squid Game on Netflix if you haven’t. After one or two episodes, the download should be done.

Figure 1: VECTR Login Page

- Open up your browser, go to https://sravectr.internal:8081/ and you should see the login page shown in Figure 1. Take note that the browser may warn you about the link because the tool uses a self-signed certificate.
- Enter the credentials given and, for now, choose an organization and DEMO_PURPLE_CE as the session database option. You can configure the organization settings if you want.

Figure 2: VECTR

- Voilà! Figure 2 shows the VECTR dashboard. These are the ten steps to get the tool running. Easy peasy lemon squeezy.
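To tie the hosts-file, .env and “wait for the login page” steps together, here is a small POSIX shell helper I have added for this post. It is not part of the VECTR runtime bundle or of the Security Risk Advisors project. It assumes docker-compose is on your PATH and that you run it from the unzipped directory holding docker-compose.yml and .env; the script name vectr-up.sh, the VECTR_HOST and VECTR_PORT variables and the function names (hosts_has, add_hosts_entry, env_hostname, hosts_env_consistent, wait_for_vectr) are my own choices, not anything the bundle defines.

```shell
#!/bin/sh
# Added helper (not part of the VECTR runtime bundle): automates the hosts-file,
# .env and "wait for the login page" steps of the walkthrough above.
# Assumes docker-compose is on PATH and the current directory is the unzipped
# runtime bundle containing docker-compose.yml and .env.

VECTR_HOST="${VECTR_HOST:-sravectr.internal}"   # must match VECTR_HOSTNAME in .env
VECTR_PORT="${VECTR_PORT:-8081}"

# hosts_has FILE NAME: succeed if FILE has an uncommented entry for NAME.
hosts_has() {
    esc=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots are literal in a hostname
    grep -Eq "^[^#]*[[:space:]]$esc([[:space:]]|\$)" "$1"
}

# add_hosts_entry FILE NAME: map NAME to 127.0.0.1 in FILE, idempotently.
add_hosts_entry() {
    if hosts_has "$1" "$2"; then
        return 0
    fi
    printf '127.0.0.1\t%s\n' "$2" >> "$1"
}

# env_hostname ENVFILE: print the VECTR_HOSTNAME value (last one wins), or nothing.
env_hostname() {
    sed -n 's/^VECTR_HOSTNAME=//p' "$1" | tail -n 1
}

# hosts_env_consistent HOSTSFILE ENVFILE: succeed only if the hostname VECTR
# will serve under is also resolvable through the hosts file.
hosts_env_consistent() {
    name=$(env_hostname "$2")
    [ -n "$name" ] && hosts_has "$1" "$name"
}

# wait_for_vectr TIMEOUT_SECONDS: poll the login page with curl -k (the bundle
# ships a self-signed certificate) until it returns HTTP 200 or time runs out.
wait_for_vectr() {
    deadline=$(( $(date +%s) + ${1:-300} ))
    until [ "$(curl -k -s -o /dev/null -w '%{http_code}' "https://$VECTR_HOST:$VECTR_PORT/")" = 200 ]; do
        [ "$(date +%s)" -lt "$deadline" ] || return 1
        sleep 5
    done
}

main() {
    add_hosts_entry /etc/hosts "$VECTR_HOST"        # needs root to write /etc/hosts
    if ! hosts_env_consistent /etc/hosts .env; then
        echo "VECTR_HOSTNAME in .env does not match the hosts file entry" >&2
        return 1
    fi
    docker-compose up -d
    wait_for_vectr 300 && echo "VECTR is up: https://$VECTR_HOST:$VECTR_PORT/"
}

# Run the full procedure only when invoked as: sudo sh vectr-up.sh run
case "${1:-}" in
    run) main ;;
esac
```

Run it as “sudo sh vectr-up.sh run” from the bundle directory. The hosts-file step is idempotent, so re-running after a failed attempt does not pile up duplicate entries, and the consistency check catches the mismatch you get when you rename the host in one place but not the other.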
As much as I want to keep writing, I don’t want to make this a lengthy post. I’ll save the good stuff for future blogs covering VECTR’s functionality and how to use it. Apart from that, VECTR only facilitates the ‘red team, blue team’ game; many aspects of the game, such as building the red team and blue team environments, are not discussed yet. Well, that means there is something to look forward to, right?
If you like this post, stay tuned for the next one. In the meantime, have fun with “Netflix and Docker”. Stay safe!
Credits: Security Risk Advisors (VECTR), Netflix and the games that I mentioned.