Red team tester

Exploitation Analyst < Exploitation Analysis < Analyze

Collaborates to identify access and collection gaps that can be satisfied through cyber collection and/or preparation activities. Leverages all authorized resources and analytic techniques to penetrate targeted networks.

Tasks

- Conduct and/or support authorized penetration testing on enterprise network assets.
- Perform penetration testing as required for new or updated applications.
- Apply and obey applicable statutes, laws, regulations and policies.
- Perform analysis for target infrastructure exploitation activities.
- Collaborate with other internal and external partner organizations on target access and operational issues.
- Conduct analysis of physical and logical digital technologies (e.g., wireless, SCADA, telecom) to identify potential avenues of access.
- Conduct independent in-depth target and technical analysis including target-specific information (e.g., cultural, organizational, political) that results in access.
- Identify gaps in our understanding of target technology and develop innovative collection approaches.
- Monitor target networks to provide indications and warning of target communications changes or processing failures.
- Produce network reconstructions.
- Profile network or system administrators and their activities.

Knowledge

- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
- Knowledge of front-end collection systems, including traffic collection, filtering, and selection.
- Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems.
- Knowledge of website types, administration, functions, and content management system (CMS).
- Knowledge of implants that enable cyber collection and/or preparation activities.
- Knowledge of common networking devices and their configurations.
- Knowledge of evasion strategies and techniques.
- Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP).
- Knowledge of how to collect, view, and identify essential information on targets of interest from metadata (e.g., email, http).
- Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
- Knowledge of scripting.
- Knowledge of strategies and tools for target research.
- Knowledge of target intelligence gathering and operational preparation techniques and life cycles.
- Knowledge of terminal or environmental collection (process, objectives, organization, targets, etc.).
- Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications).

Skills

- Skill in identifying gaps in technical capabilities.
- Skill in analyzing traffic to identify network devices.
- Skill in creating and extracting important information from packet captures.
- Skill in creating collection requirements in support of data acquisition activities.
- Skill in interpreting compiled and interpretive programming languages.
- Skill in interpreting metadata and content as applied by collection systems.
- Skill in navigating network visualization software.
- Skill in recognizing and interpreting malicious network activity in traffic.
- Skill in researching vulnerabilities and exploits utilized in traffic.
- Skill in target development in direct support of collection operations.
- Skill in using databases to identify target-relevant information.
- Skill in using non-attributable networks.
- Skill in using trace route tools and interpreting the results as they apply to network analysis and reconstruction.
- Skill in writing (and submitting) requirements to meet gaps in technical capabilities.

Abilities

- Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.
- Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
- Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.
- Ability to collaborate effectively with others.
- Ability to expand network access by conducting target analysis and collection to identify targets of interest.