New cybersecurity advisory highlights defense-in-depth strategies


In 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a red team operation against a Federal Civilian Executive Branch (FCEB) organization. In July 2024, CISA released a new cybersecurity advisory (CSA) detailing the assessment and its key findings relevant to the security of the organization’s network.


One of the interesting findings of this SILENTSHIELD assessment was the renewed importance placed on defense-in-depth strategies. This was determined after the FCEB organization failed to respond effectively to the network breach and lacked sufficient controls to log the simulated attack.


What took place during CISA’s SILENTSHIELD red team assessment?


Early last year, CISA’s red team conducted a SILENTSHIELD assessment of an FCEB organization, simulating a cyberattack to identify exploitable vulnerabilities. CISA summarized its assessment into two phases: adversary emulation and collaboration.


During the assessment, the red team successfully gained access to the organization’s connected networks and systems by exploiting a known vulnerability in an unpatched server. The team was then able to move laterally through the network and gain access to protected information.


Below is a summary of how the red team was able to achieve its goals.


Credential access, command and control and privilege escalation


The red team gained access through an exploit in the Solaris enclave, which allowed them to obtain the necessary credentials to access a privileged server account. This allowed them to progress further through the network.


The red team also used successful phishing schemes ..
