Finding Power In Retreat {for intelligence field operators in advanced positions}

It is the fallacy of the field operator, especially the intrepid novitiate, to assume the total responsibility for mission success. This imagery, spawned of fervent self-improvement regimens, Hollywood, and Showtime’s Homeland, stresses that the bulk of mission objectives is carried out solely by one single individual. In actuality, there are inner and outer circles of operators, military or security personnel, and analysts to handle many of these responsibilities. The duty of the field operator lies not only in aggressive and relentless attack, but more so in the gathering of intelligence and retreat to analyze and further strategize for future sorties in the field.

“The host thus forming a single united body, it is impossible either for the brave to advance alone, or for the cowardly to retreat alone.” —Sun Tzu, Art Of War

The benefits of a strong field operator in an advanced position seem obvious. They are welcomed into places where they should perhaps not be welcomed. They know things they perhaps should not know. They are a bridge between enemies on either side of conflict. This is a stressful position under even the most glorious circumstances, and worth a second glance. While the new operator's fallacy of assuming total mission responsibility has been noted, the internal drive to do so (the quarterback running the touchdown) is strongly ingrained in the psyche, especially of Americans. This is potentially dangerous, not only for the operator, but for the mission at large.

Ami Toben of protectioncircle.org is a highly trained countersurveillance professional, often dealing with VIP force protection and covert applications. In his work, he details the “magic circle of protection” which includes an outer circle or perimeter of analysts, an inner circle of operators, and possibly even an elite innermost circle of praetorian guards. When operating in an advanced position, and for extended maneuvers, it does indeed behove the “lone” field operator to remember and heed these layers, which are there not only for protection, but to ensure the overall mission success. This is the very definition of mission critical deployment, and the mark of higher strategy.

While it is true that under certain circumstances no one is in a better or more advantageous position to deliver the mission’s most successful application, or coup de grace if you will, than the field operator in advanced position, aggressive and relentless attack can have serious deficits which may be overlooked by someone enduring field-stress and the relevant mania associated with operating deep behind the lines. Overexposure leading to vulnerability is a strong likelihood, but this can be mitigated by the wisdom of these simple and easy to remember maxims:

Accept retreat to avoid defeat.

Quit the fray to fight another day.

Go ahead, say them out loud to yourself several times until they are imprinted upon your memory. It is okay to let go, run, and hide. That is a time when you can come up with your best strategy for the next time you are ready to attack. Retreat is just as important as attack in a winning strategy. Remember that the attacker can often become overexposed; by retreating, a field operator can potentially flush the opposition out of their comfortable positions to send them searching, and therefore exposing them to countersurveillance and counterintelligence tactics. This could mean the difference between winning or losing in a particular theatre during a particular operation.

Last but not least, the strategy for defeat is that of the BLUETEAM. They have more resources, more capital, and ultimately more comfort than the REDTEAM in any engagement. Of course it is the tendency for defense to become complacent and soft, but a field operator in advanced position must be reminded to take it easy once in a while. Get some rest, eat some food, hit the gym, watch a movie. Stop overexposing yourself to the opposing force by constantly wearing yourself down with relentless attack.

Find Power In Retreat

Challenging Security Limitations: White vs. Black Box Testing & Real Risk

I awoke in the middle of the night. It was the witching hour, 3am! Rapidly behind my lowered eyelids pie-graphs and charts explaining esoteric security concepts flashed in sequence, but I was too groggy to retain everything I learned. Why I am chosen for this sort of lucidity, I will never understand. This article is an attempt to best re-create the deeper concepts I received in that vision, but a week has elapsed since that night and therefore I have mostly forgotten everything. I’ll just have to wing it.

White Box Vs. Black Box

The article I have linked above describes the difference between security and/or software testing procedures in which internal elements are either known or unknown by the testers. Knowing the internal workings in a test allows for a more thorough and rigorous approach to each and every individual node or aspect of the subject, whereas a Redteam performing an unknown or Black Box test may not strike upon every single nuance built into the system, but may however come up with something heretofore unknown. The Black Box test is conducted exclusively by third-party security or testing professionals, which is requisite due to their specific insights into security penetration and access. For these reasons, it is considered a “low-level” test which is also known as an integration or unit test. It is conducted, in other words, from the outside working inward.

White Box tests are usually conducted by software developers or some part of the internal staff working on the project or overview. White Box tests are considered high-level tests, also called system or acceptance testing. These tests are intended to make the system fully airtight after the beta-testing bugs have been detected and eliminated. The benefit of White Box testing is thoroughness, insofar as the team knows the way the program or plan “should” work and can therefore test against this ideal. An internal team conducting this type of test knows the code (or building scheme; what have you), and therefore possesses an eagle's-eye view of the entirety of the subject’s workings.

So Which Is Better For Your Company?

Before I answer this question for you, ask yourself:

  1. Do I have an internal team already providing White Box testing?
  2. Are they specifically hired for testing, or did we just divert Sheila and Burt from engineering over there to do another bug-sweep? (Remember what happened in the 1986 film Aliens.)
  3. If you have a specific internal team for testing, are they getting on well with engineering? Do they have a working rapport and are able to comprehend each other effectively leading up to the testing phase?
  4. Did you seek professional consulting from a specialized security Redteam?
  5. If you did not answer ‘YES’ to each of the above questions, you and your company are not necessarily ready for what I am about to reveal to you in the next section.

Attrition Theory

I am not a mathematician; however, I think you can get behind me on this.

x/a – y/b = (+, – = successful, unsuccessful)

Attrition Theory basically asserts that given company a with resources x (personnel, training level, security architecture, security equipment, surveillance, etc.), when attacked by a competitor (or OpFor) with resources y, a simple subtraction is necessary to determine who is successful in the attack. If the OpFor is willing to invest enough time and resources into their raid on company a, their success will be indicated by the result being a negative number, having taken the amount of invested resources from company a into the red.

Is your company ready for your competitor or OpFor to outbid you on your willingness to invest in preventative security measures? Following a breach, it may be too late to save face, so insurance, or the ability to clean up after the fact, is just not going to be enough.

Now to answer the question I asked before: Which sort of test is better?

Chew On This

So your internal team designated another internal team to do the testing. Ok. So the engineers got with the testers and did a PowerPoint powwow. Sure. So then after that you decided you still thought it would be wise to get an outside team to consult. Good. They do their scans and don’t really provide any insight beyond the scope of the White Box team, but good on you for checking. So you’re awesome, right? Invulnerable!

BRIQ | HAUS LTD. SECURITY & INTELLIGENCE has the guts to ask you these hard questions:

  1. How secure is your facility/program in case of a fire drill? Do you have protocols in place to handle securing end-user’s data BEFORE they flee the scene?
  2. What about in case of a REAL FIRE? And are you willing to test this in a non-drill scenario to absolutely ensure your security protocols work?
  3. Is your staff alerted to the higher danger of active shooters, like the scenario recently at YouTube? If so, do you again have a plan in place to protect end-user data from a potential shooter or *gasp* terrorist attack?
  4. What about acts of God like locusts, plague, or you know, floods? Are you guys going to not only get out of the building safe, but will you be able to stop Boris & Natasha from killing Moose’n’Squirrel during the disaster? For the OpFor, luck is when preparedness meets opportunity.
  5. If you didn’t answer ‘YES’ to each of the above questions, you need to contact us at BRIQ | HAUS LTD. SECURITY & INTELLIGENCE and immediately schedule consultation. Our information technology and intelligence community professionals know things that can protect your bottom line, so you can stop worrying about all the hard realisms I just threw at you.

My name is Robert Brooks Authement, owner and operator of Briq Haus Ltd. I think like the bad guys so you and your team don’t have to. If you think these insights can be of assistance to you and your company, please consider me and my team at your service.

Briq Haus Ltd. Definition Of Security Domains

PHYSICAL SECURITY

. . .is the kinetic approach to security applications in the real world with actively moving parts. It entails the protection of a facility or industry from intrusion, surveillance, counter surveillance, barrier and access point reinforcement, and the protocols by which these systems are integrated in creating a secure perimeter around sensitive business operations. The main purpose of implementing this layer of security is to protect personnel and property from damage or harm (such as espionage, theft, or attacks).

LOGISTICAL SECURITY

. . .involves the transportation, migration, housing, feeding, supplying, and running of sensitive assets, whether human, cargo, financial, or entire business operations. This may require the maintaining of business fronts for a physical presence, the recruitment and handling of agents (read: hiring of employees), acquiring and maintaining safehouses, supply chain, and travel itineraries. Logistical Security is unique inasmuch as it requires multiple points of secure protocol checklist compliance, potentially distributed along a vast area or travel route.

ANALYTICAL SECURITY

. . .refers to creating security profiles and protocols, plans and presentations, based on research, and conclusive analysis of said research. This may include investigation into competitor operations, developing clientele lead lists, discovering the risk exposure of a target corporation or operation (including your own), and potentially deploying social engineering techniques to further flesh out security profiles or probe for weaknesses in the human controlled access points such as customer service agents.

DIGITAL SECURITY

. . .is the hot topic of our times. Digital Security defines the ways and means by which company transmissions within internal and external networks, usually involving sensitive client-side data assets or intellectual property, are secured from intrusion, spying, and exfiltration or alteration. Insofar as the aforementioned security domains have various points and protocols along physical locations, Digital Security is similar in utilizing network hops and access points with names like gateways, firewalls, portals, tunnels, and ports.

BRIQ | HAUS LTD.
“PERFECT SECURITY SUITE”

Our team of information technology specialists and intelligence professionals spanning the globe will bring an unparalleled devotion to the specific needs of you and your clients. Our consultation and customized solutions cover any and all of your security needs. Our contract based products and services allow you to choose what you need from us in securing your operation, and our discretion to your management is sincere.

Contact Briq Haus Ltd. today to receive more information on how we can make it easy for you and your team to rest assured that every possible aspect of security is handled and monitored by the best in the business.

Respectfully submitted:

Sir Robert Brooks Authement

Owner; Operator
BRIQ | HAUS LTD. SECURITY & INTELLIGENCE

VIRTUALIZATION MASTERY – w/ Ping Of Death

Being able to create machines within machines has been the aspiration of humanity since the days of alchemical yore. What we see here is the Windows 10 host Command Prompt “talking” via the ping utility to a Kali Linux virtual machine on Oracle’s VirtualBox, which is in turn talking over the “wire” to the host machine using ping. This is the basic proof-of-work demonstration of electronic warfare. The next steps are spoofing, redirecting, passive sniffing, phishing, and exploitation.
