Introducing new realistic enterprise-level attack scenarios (and how to become a Red Team Operator!)

Pro Labs is a cornerstone for red team skills development, utilized by both new professionals who’ve graduated to full-time employees and businesses who are building their security teams.

JXoaT, Oct 15, 2024

There are plenty of seasoned professionals who have shared their certifications and experiences with Pro Labs over the years. Labs like Dante, Rasta Labs, Offshore, and Cybernetics have been cornerstones for those looking to test themselves in the parameters of the Red Team Operation (RTO) mindset. 

After all, finding a product to develop an authentic red team mindset that caters to both beginners and pros is a feat that requires dedication. But, we have been hard at work for years delivering experiences that go beyond point-and-click engagements. 

So, we are here to briefly talk about a revamped Pro Labs offering to bring you a more modular and impactful lab experience. 

So, let’s dig into the nature of these beasts, how they offer a unique challenge that goes beyond pentesting upskilling, and how to utilize them whether you're an individual user or professional team.

Cultivating an adversarial mindset

In our industry, the line drawn between what’s considered pentesting and red teaming is often hotly debated. It isn’t without good reason. 

The offensive skills that researchers acquire can be applied seamlessly across different types of engagements, from pentesting to red teaming. Additionally, professionals who’ve been on pentesting engagements might have had more open scopes that allowed for more adversarial movements.

The designation that we believe most accurately defines how we approach Pro Labs, and distinguish between pentesting and red teaming, lives within the RTO mindset, which will further be reflected in upcoming changes. 

Each lab encourages you to operate as an internal threat. While you might incorporate tooling or methods that exist within pentesting, you aren’t beholden to a direct scope or individual asset.

You’re let loose within a simulated enterprise network to pivot, elevate privileges, evade endpoint detection, and compromise along the way.   

In fact, being curious can lead you to find flags that could be missed by taking attack pathways that are too direct! The largest difference between the two competencies is mindset. You're not just hacking for the sake of breaking stuff, but trying to think like the adversary.

Pentesting and red teaming can overlap—especially in that both are trying to find weaknesses. But the difference usually comes down to scope and strategy. Pentests are more about targeted vulnerability hunting with a checklist, while red teaming is about simulating the mindset and motivations of a real adversary (usually over a longer-term engagement). 

We want you to live within our Pro Labs and graduate your understanding of how you’d exercise stealth, pivot with efficiency, and find your way to the bedrock of the engagement. 

How users can utilize Pro Labs to elevate their red team skills 

Any one of our Pro Labs is an undertaking that challenges your skills. You are meant to bring a new mindset to overcome familiar situations in a simulated and ongoing campaign. The amount of dedication and time to do these has always been a limiting factor.

We understand time is a factor for researchers, students, and those working through the week. So, we’ve decided to bring you all shorter labs in the form of something familiar.

Recent additions to Pro Labs scenarios

Former Endgames on HTB Labs are now transitioned to Pro Labs and ranked in accordance with the Red Team Operator Levels, allowing anyone with a Pro Lab subscription to find a shorter engagement that fits their desired difficulty level.

You will still need to take all the techniques you’ve gained through Academy and Labs to break through these enterprise environments. So, break out all the notes you have in Notion, Obsidian, Vim, or your preferred note-taking app—you’ll need them.

We previously mentioned the Red Team Operator Levels. 

These levels allow users to scale from beginner to advanced environments. 

  • Red Team Operator Level I: You should expect a challenge; this is your first time thinking like an adversary! However, the labs are geared towards foundational skills (attacks, techniques, and procedures (TTPs), shorter labs, and common vulnerabilities/misconfigs).

  • Red Team Operator Level II: This is where you start to get more specialized. The length and difficulty will be raised. You’ll also start to see more unique situations that deal with technologies from Active Directory to understanding lower levels of an ICS network! 

  • Red Team Operator Level III: This is for experts. By this point, you’re dealing with secured infrastructure. You’re not getting anywhere without being clever about elevating privileges and maintaining persistence.

  • Red Team Operator IV: If you’ve made it this far, you’ve made it to the top of the mountain. You are compromising this by utilizing sheer research and grit. No CVE will help you here, you’re breaking through this with everything you got. This will give experts a run for their money.

As of October 2024, we have 11 available Pro Labs on HTB Labs comprising 4 new Mini Pro Labs. The remaining 4 Mini Pro Labs (Odyssey, Solar, Ascension, and RPG) will be added to the platform in the following weeks.

Pricing and access

Community members have access to all Pro Lab scenarios with a single subscription, with the ability to switch between scenarios at any given moment. All users now have the opportunity to try Mini Pro Labs without any paywall by accessing 3 scenarios, which will remain free-to-play for Hacker rank holders and above.

Upon completion, users are rewarded with up to 40 CPEs and a certificate.

Pro Labs will continue to grow, and with the addition of smaller labs (formerly Endgames), any user will find the perfect fit to develop their red teaming skills.

Enterprise red teaming is all about collaboration 

When we think of red teaming, we aren’t just thinking about one team. In fact, it’s best utilized when the entire security team is in the room. 

There’s a military term called “Force Integration.”

It refers to the coordination and unification of different branches, units, or forces to achieve a common mission. Each force—whether it’s infantry, artillery, air support, or intelligence—brings unique capabilities to the table, and when integrated properly, they amplify each other’s strengths to create a more effective and cohesive operation.

Where red teaming becomes a true asset for companies is when they have applied it as a learning process for collaboration and improvement. Joining forces and going purple!

Earlier this year, we spoke to a company that was doing just that. Easi’s security team has been utilizing joint operations not only to help strengthen individual skills, but also to create a 360 approach to their process, strengthened by Professional Labs.

The quality of their training has only been reinforced by another critical factor of Professional Labs: they are mapped to the MITRE ATT&CK Framework. Not only have they found a way to run training together, but they have also collectively trained on 55 MITRE ATT&CK skills.

A purple team approach starts with having the dedication to create teams that replicate a threat inside of the enterprise, then bringing those teams together to find their roles in developing advanced training.

Give your teams the scenarios to begin conducting and evaluating blind spots in current methodologies. There’s no doubt your team will become a force to be reckoned with.

Pricing and access for Enterprise 

All scenarios are automatically available to corporate teams and organizations within the Professional Labs offering on HTB Enterprise Platform, coming with business-exclusive features such as MITRE ATT&CK mapping, Restore Point, and official write-ups.

Teams with an existing Professional Labs environment can easily assign and rotate labs as part of the skills development plan with a couple of clicks. Upon completion, team members are rewarded with up to 40 CPEs and a certificate of completion.

If your organization does not have access to HTB Enterprise Platform or Professional Labs, fill out the form below to consult our team to create a tailored workforce development plan based on the latest vulnerabilities and exploits.
