Now that you know the strategies, it is time for some hands-on activity. However, before that, here are some important considerations:
- Do not perform these steps in a production environment
- Create an isolated lab to test any type of Red Team operation
- Once all tests are done and validated, make sure you build your own plan to reproduce these tasks in a production environment as part of the Red Team attack exercise
- Before performing the attack exercise, make sure you have the agreement of your manager, and that the entire command chain is aware of this exercise
The tests that follow could be applied in an on-premises environment, as well as in a VM located in the cloud (IaaS).