Black-Team Operations

Bank of England Meeting

On the 9th March 2017, Bank of England held a meeting to formally discuss the outputs and results from the first incarnation of the CBEST framework. The meeting was constructive and informative, yet held specific bias to the initial companies that helped start the scheme with very little sharing of data and metrics. There were several workshops that helped the participating companies interact with each other, and hopefully this foundation of goodwill and collaboration will make the scheme more successful in the near future.

One of the outcomes from this meeting was the drafting of another phase/separate piece of testing designated as Black Teaming. Black Teaming is more closely related to the physcial aspects of security, but still encompasses many skills and techniques already used in Red-Teaming. Black Teaming in a way is less technical as it is purely aimed at attacking human weaknesses, and contains a strong element of the Insider threat.

Testing Criteria

• Physical controls
  • Locks
  • Access control
  • Turn-styles/air-locks
  • Health and Safety procedures
  • Office Policies e.g. clear-desk policy
• Social Engineering
• USB dead-drops
• Malicious devices:
  • Wifi Pineapples
  • Bugging
  • Network taps
  • Embedded devices (including tampering)
• Vulnerable websites
• VPN weaknesses
• Misconfigured admin services
• Exploitable services
• Insider threats
  • Direct threat
  • Assisted threat