3 Comments

Are drones used often in red teams? I'm assuming they're used during recon and surveillance phases?


Great question! They're used in a few ways. Here they are in order:

1) Surveillance (Most Common): Gather photos/video of building layout, roof access, areas hidden by fences/bushes, etc. that you can otherwise see from the ground.

2) Distraction: They can fly low and get the attention of security personnel, causing a distraction and enabling red teamers to jump a fence on the other side of the property.

3) Execution: The assessment may emulate an activist that drops flyers on a company's outdoor event, explosives on an executive, or leaves a malicious network device on a building's roof that allows for persistent access to the network or a surveillance device inside the building. You can also do the old-school way of dropping a bucket on top of a security camera to disable it. I've heard of people parking a drone on the roof of a large building to do RF sniffing and Wi-Fi / network scans that they otherwise couldn't achieve since they couldn't even get close to the property.

4) Anti-Drone Tests: You can (and should) test any drone-detection and disruption systems. In this case you could try to buy hardware that runs on non-standard frequencies or untether the UAS so it uses a pre-determined flight path and behavior so any disrupted connection to a base station is irrelevant.

5) Thermal Imaging: Looking for people / security around a building that detect unauthorized access attempts.

6) Overwatch (Least Common): You could have a drone up during an operation to breach a perimeter and building to watch your team, and for security. This would give you live video of an operation as it unfolds. This happens frequently in the movies, and infrequently in real-life red team assessments.


Wow, thank you for the thorough answer! Much appreciated. Seems like I will renew my license!
