Over the years and regardless of their specialization, I have met only a couple of people that didn’t like offensive security operations. But most people, have no idea how such an engagement happens. N.B: In this article (and the subsequent ones in the series) we are only talking about legal engagements, where you have permission to attack a system (or for fun, in your own local vulnerable VMs). Don’t forget that you can be prosecuted if acted against those common sense guidelines. What Is an Offensive Security Engineer? An offensive security engineer is a professional who is responsible for identifying and exploiting vulnerabilities in networks, systems, and applications. They conduct penetration testing and other security assessments to find weaknesses in a company’s defenses and provide recommendations for improvement. Also, offensive security engineers work on “ethical hacking projects”, performing simulated attacks to test the security of a company’s systems and networks. They use their skills and knowledge to mimic the actions of real-world attackers and identify potential entry points that could be exploited by malicious actors. High-level Engagement Steps A team of offensive engineers (usually called red team), use a set of steps like the ones below, to perform their engagement. : Determine the scope of the engagement, including what systems and networks are in scope and what types of attacks will be simulated. Scope : Conduct reconnaissance to gather information about the target systems and networks, such as IP addresses, network topology, and software versions. Reconnaissance can be either passive or active. Gather information By passive we mean, searching public information or semi-private ones like social media. Two known tools in the passive recon realm are the Shodan search engine and theHarvester. By active we mean directly probing a system with tools like Nmap or Amass. : Use tools and techniques to identify vulnerabilities in the target systems and networks. This can include scanning for open ports, testing for weak passwords, and looking for unpatched software. Known tools here are Nessus and OpenVAS. Identify vulnerabilities : Attempt to exploit the identified vulnerabilities to gain access to the target systems and networks. Metasploit anyone? Exploit vulnerabilities : Record all findings, including vulnerabilities that were successfully exploited and those that were not, as well as any recommendations for remediating the issue. You thought you will only break machines and go home? 🙂 Document findings and report Who Decides the Minutiae? A company might have an internal or an external red team. An engagement process is usually proposed by cybersecurity organizations like and might be adapted to the team’s needs. An internal team might be affected more by the decision of senior leadership (e.g., the ) than an external team. MITRE CISO Regardless of whether the red team is internal or external, the engagement process should be well-defined and documented to ensure that all parties understand the scope and objectives of the engagement. How Do You Become a Red Team Member? I think the right question is, how to increase your offensive engineering mindset. Becoming a red team member is a by-product of that. In my humble opinion, even though there is a shortage of people with proper cybersecurity skills, the red team area is a bit congested. To start building your offensive mindset, I would suggest the following process: . Yeah, there is no shortcut to that. A good starting point is Coursera’s on the fundamentals of cybersecurity. Learn about cybersecurity foundations course Confidence with programming. Not a deal breaker, but you will need to write your exploit or automate a process, sooner rather than later. . Same as above, not a deal breaker, it will level up your game faster if you do. Confidence with networking . You need to be able to construct an attack route, given a vulnerability. Most of the time, you will have seen something similar before, but sometimes not. And this is where you truly need that skill. Analytical thinking . No escape here either. You can use platforms like and or build your own lab with vulnerable images like Practice, practice, practice tryhackme hackthebox vulnhub . Attend , read industry , and participate in online communities to stay informed. Stay up-to-date conferences publications Conclusion Becoming an offensive security engineer is a challenging but rewarding career path. It requires a combination of education, work experience, certifications, and ongoing learning to stay up to date with the latest security tools and techniques. With the right skills, knowledge, and experience, offensive security engineers play a critical role in protecting organizations from cyber and helping them stay one step of attackers. threats ahead

2022 - HackerNoon Contributor of the Year - Authentication

Nominated for 2022 - HackerNoon Contributor of the Year - Authentication

Too Long; Didn't Read

Questions about cloud security? Get answers here.

How to Join the Offensive Security Highs (Part 1 of the Journey)

Too Long; Didn't Read

Periklis Gkolias

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

How to Join the Offensive Security Highs (Part 1 of the Journey)

Too Long; Didn't Read

Periklis Gkolias

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES