OBFUSCATION, STEALTH, AND NON-ATTRIBUTION IN RED TEAM TOOLS
Authors
Hembree, Dwain K.
Subjects
automated
red team
red team tools
Cyber Automated Red Team Tool
CARTT
obfuscation
stealth
non-attribution
evasion
advanced persistent threat
APT
Internet Control Message Protocol
ICMP
Domain Name System
DNS
Advisors
Shaffer, Alan B.
Singh, Gurminder
Date of Issue
2024-09
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
Current automated red teaming tools are limited in their ability to emulate advanced persistent threat (APT) behaviors. Supporting such behaviors in automated security assessments and tools can be helpful for improving organizations’ cyber defense preparedness. This research enhances the Cyber Automated Red Team Tool (CARTT) by integrating advanced evasion techniques to better simulate sophisticated cyber threats. By incorporating Metasploit Framework evasion modules and new custom Internet Control Message Protocol (ICMP) and Domain Name System (DNS) evasion capabilities into CARTT, its ability to evade detection by common security controls is significantly improved. The research demonstrates how obfuscation, stealth, and non-attribution techniques can be effectively automated into red teaming tools. The enhanced CARTT was tested in a simulated operational environment, which demonstrated its effectiveness in identifying vulnerabilities and assessing the robustness of security measures. Results of the research showed successful evasion of antivirus detection systems and covert data exfiltration using the newly implemented techniques. The enhanced CARTT will enable network managers as well as cybersecurity professionals to conduct more thorough evaluations of defense mechanisms against sophisticated threats, ultimately strengthening overall cybersecurity postures.
Type
Thesis
Distribution Statement
Distribution Statement A. Approved for public release: Distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.