Note: this is the course capstone for Responsible Red Teaming, which is available at The Taggart Institute for free! If you have not taken that course, I strongly recommend it. But it is not required to do this challenge.
The Taggart Institute: Master Your Craft
Great hackers are good people. Many courses on red teaming will teach you the technical process of how to exploit targets. But seldom do courses cover what it means to carry out the role of a red teamer responsibly.
Date: Oct 20th, 2022
Company: SecureEnts Cybersecurity Consulting Firm
Role: Junior Red Team Operator
You are a new red team operator at SecureEnts, an up-and-coming IT security consulting firm. The firm specializes in web application penetration testing, full-scope red team engagements, and other types of offensive security consulting. You joined the team last week and are ecstatic to jump into the team’s next engagement!
The target for this engagement is RisottoCorp, the leading provider of short-grain rice dish services. RisottoCorp’s leadership have noticed a slew of ransomware attacks that have targeted other food service corporations lately and are worried about their own infrastructure. SecureEnts has accepted the contract and the engagement window begins today.
RisottoCorp’s lead of IT has provided you with a list of DNS records that are in scope for the test. The team has tried to get more information from the IT team about what else can be considered in scope, but the IT team has been slow to respond. Unfortunately, that means your team doesn’t have a lot to go on.
The Friday before the engagement kickoff, your team receives the following email:
SecureEnt team, I apologize for the late responses. The RisottoCorp leadership tends to task us randomly and we’ve been very busy. I did have time to sit down and add the original scope document that you provided with my inputs. I think this should be sufficient to begin the engagement. Please find my inputs attached. Thank you! IT Lead, RisottoCorp
Your team has three weeks to perform a full scope red team engagement. Time is of the essence!
What do you do?
I’ll ask my team lead for their opinion. This seems like a tricky situation and I don’t want to make the wrong call.