Easi empowers Purple team training while decreasing onboarding times by 40%

Easi is a European IT services partner with over 400 employees, including a dedicated Red and Blue team. Founded in 1999, the firm provides a range of managed IT and cybersecurity services (penetration testing, security operations center, security audits, etc.) to mid-sized and large organizations and has served over 800 clients.

Their story 

Easi’s training and development requirements reflect its diverse list of IT and cybersecurity services. Training has to meet the needs of both Red and Blue teams to support a range of general, defensive, and offensive technical services.

This required a Purple team approach to training in which both Red and Blue teams could collaboratively share knowledge, improve practical skills, and support each other. Mickey De Beats, Easi’s Red Team Cybersecurity Consultant, knew that a Purple team approach would help: 

  • Ensure that high-quality technical services are delivered to clients thanks to employees having up-to-date skills mapped to the MITRE ATT&CK matrix. 

  • Identify important skills gaps in both Red and Blue teams. 

  • Rapidly close skills gaps by encouraging specialists from each team to share technical knowledge on a frequent basis.

Already familiar with Hack The Box (HTB) from his time as a student, Mickey was confident in HTB’s ability to facilitate practical training for both Red and Blue teams. In fact, he shares that one of his highlights during his second year of studying IT was hacking the invite code (in the past, HTB was only accessible to those who completed a hacking invite challenge) and attending HTB community meetups.

Our cybersecurity training philosophy revolves around training that’s useful in actual engagements with clients. The more practical and close to real life, the better.

We’re also trying to map most of our training to the MITRE ATT&CK Matrix so that we can show clients what we’ve trained on. HTB Pro Labs being automatically mapped to the MITRE ATT&CK Matrix is therefore extremely useful.

Mickey De Beats, Red Team CyberSecurity Consultant, Easi

Their goals 

1. Replicate attacking and defending enterprise networks

The Easi team’s main priority is “qualitative cybersecurity training that’s close to real engagements.” This is critical for practically upskilling both Red and Blue teams, guiding juniors towards certifications, and ultimately, improving the quality of work delivered to actual clients. 

Employees were already upskilling on the main HTB platform with individual machines. Easi, however, wanted to replicate training that would resemble penetrating, defending, and investigating attacks on real enterprise networks. An example of this is having users pivot between multiple networks, moving laterally and vertically, and getting domain admin, which is not easily replicated on isolated machines. 

2. Experiment with cutting-edge Red and Blue team techniques 

To experiment with new tools and techniques, the team also wanted a realistic environment (including different admin levels, up-to-date exploits, and network segmentation) that could serve as a secure, quick-to-deploy cyber lab.  

Professional Labs has helped us gain more experience with the Sliver C2 and Mythic C2 frameworks. We have almost no deployment time, but enjoy a secure environment in which we do not have to worry about breaking stuff or client data.

We’ve also used Mythic C2 to keep our ‘operation’ between Red teamers separate. (This way, we can’t see each other’s sessions). 

 

Thomas Hayen, Red Team Cybersecurity Consultant, Easi

Figure: Letter of engagement that Thomas sent to the Red Team before they started the Offshore Professional Lab (a real-world enterprise lab environment that features a wide range of modern Active Directory flaws and misconfigurations).

3. Onboard and assess new hires

The team also wanted the ability to invite new hires to a lab environment to aid with:

Their solution

Mickey and his team use HTB Professional Labs to support Purple team training on the latest tactics, techniques, and procedures (TTPs). They’ve done a great job of creating an effective Purple team training strategy that upskills both Blue and Red teams in an engaging, educational, and effective manner.

The exercise starts from a machine that everyone in the Red team has compromised. The attackers make sure they have initial access, perform their privilege escalation, add the machine to their C2 framework, and have a backdoor in place. Then, administrator or root accounts are created for the Blue team. Blue teamers must investigate the machine to find all traces of attacks conducted by the Red team.

The Blue team gains points for every trace of an attack they discover, which also causes the Red team to lose points. Conversely, the Red team is awarded points when the Blue team fails to uncover an attack. 

As well as training with the latest TTPs, the goal is for each team to debrief the other team on how they would’ve mitigated issues. If, for example, there are things that the Blue team did not find, Red team members will explain their full path of attack. Similarly, Blue teamers will also share how they investigated and discovered evidence of an attack. This collaboration means both teams continually sharpen each other’s skills. 

Offshore machines in the Sliver C2. 

As part of the training process, the team also hosts monthly knowledge-sharing sessions for general topics that incorporate the training completed by both Blue and Red teams on HTB. These sessions help Easi employees strengthen communication and relationships internally as part of a wider team, and externally on client engagements. 

In real engagements, you must keep searching for clues and putting everything into context. Sometimes it’s the little things that cause great breakthroughs, and thus attention to detail is very important. Some tools might also react differently when working in two different network segments. Professional Labs definitely prepares and trains you for these scenarios.

 

Mickey De Beats, Red Team CyberSecurity Consultant, Easi

Their results

Since incorporating HTB Professional Labs into their training strategy, the Easi team has: 

  • Doubled the content shared in Red and Blue team meetings, and as a result, improved Purple team training

  • Trained on 55 different MITRE ATT&CK skills 

  • Decreased onboarding times by 40%

  • Increased time spent training by 50% 

As well as providing a strong platform for practical Purple team training, Easi has noticed significant improvements in its ability to assess the skills of new hires, refine the onboarding process, and plan the development of new employees. 

Being able to invite new starters is a great feature. It allows us to more accurately measure a new hire’s knowledge and how to build upon it. 

 

Mickey De Beats, Red Team CyberSecurity Consultant, Easi

Commenting on Professional Labs, Mickey said that “there are plenty of training platforms that feature ‘click-to-complete’ challenges. HTB is different because it encourages realistic effort and reinforces the right mindset. From the Genesis starter lab alone, for example, we saw exploits (like the Remote File Inclusion over SMB) that we were pleasantly surprised to see in a ‘beginner’ level lab. I believe this is also what causes it to have such a positive effect on our onboarding.”

Let’s talk 

Loved by an infosec community of more than 1.6 million members, HTB is helping security leaders across the globe equip their teams with the skills and expertise needed to proactively secure and protect their organizations.

Whether you’re sharpening specific techniques, training up junior staff, or looking to recruit skilled cybersecurity talent, Hack The Box has a solution to fit your needs. Measure, assess, and proactively close your organization’s cybersecurity skills gap with a single platform focused on improving cyber workforce training and development.
