Red Team Exercise (Adversarial Simulation) 2020 Q1

Dear All,

I apologise for any inconvenience that may have been caused due to the Incident Response test that the InfoSec team executed in the last couple of days. 

We will be sending a detailed whitepaper about it early next week. I would also like to strongly encourage you to participate in our debrief next week.

We conduct two adversarial simulations (Red Team Exercises) annually. The latest one was concluded in July 2020. The adversarial simulations are used to test the resilience and effectiveness of an organization's Incident and Emergency response.

Phase 1:
Our Offensive Security Engineers started with zero information about the target. The offensive security engineers behaved as if they knew nothing about Traveloka applications or infrastructure. They collected and gained intelligence about Traveloka from publicly available information resources. We successfully compromised one of the Jenkins instances and used that to pivot to other more valuable targets that resulted in:

The above list is non-exhaustive. 

Phase 2:
Subsequently, we waited close to 3 weeks for someone to discover the breach, and when no one reported a breach, we started with phase 2, which was testing Incident Response. I activated the SecOps team by letting them know about the breach but not revealing the source of the breach. We learned valuable lessons from the exercise, including:

Positives:

Where we need to Improve:

Feedback: 

More details are attached in the presentation.


-- 
--------------------------------------------------------------------------
Phone: 919611899992
Email: hilal.lone@traveloka.com
Planned Leave: None
Planned Travel: