Recently, many of the leading security consulting businesses in Australia, including The Missing Link, sent their fiercest competition to Brisbane for a four-day course in Adversary Tactics - Red Team Operations, run by SpecterOps, an American company that employs some of the best in the world in both red teaming and blue teaming.

During this training session, all teams participated in a capture the flag competition set up in an elaborate lab to simulate an advanced red team scenario. The objectives were to gain access to sensitive data, commit-level access to source code, and cross forest boundaries. Each team had to gain a foothold in the environment and start moving laterally through three domains across two forests. A wide variety of tactics, techniques and procedures were used to gain access to systems and capture the flags. A blue team was actively hunting the competitors and blocking their progress when bad OpSec (operations security) was detected.

Our team was the first to capture a flag and led the way for the duration of the exercise (apart from an hour during the second day). They were delighted to complete the exercise ahead of the rest of the pack, with an entire day to spare, and were the only team to capture the flag for the Device Guide bypass. Not only that, they were able to complete all necessary tasks without needing any clues or assistance from the trainers. This highlights the true depth of experience contained within this core group of The Missing Link cyber security experts.

There are three things that really made a difference for our team during this training exercise:

• Our expertise in advanced Active Directory attacks allowed us to elevate our privileges and compromise all three domains and two forests on the first day
• Effective operations security practices allowed us to persist in the environment with minimal interference from the blue team
• Our expertise in Windows internals and thorough post-exploitation enumeration allowed to us capture hard to find flags.

It was an excellent opportunity to gauge our strength against some of the best in Australia, and we are incredibly proud of the result. We are looking forward to exercising the lessons learned and new tradecraft that we developed during the training on red team attack simulations for our clients.

Contact us to learn more about red teaming and how The Missing Link performs cutting edge security research around novel Active Directory attacks, Windows attacks, new TTPs and more.