How might quantum computing shape red teaming?
A list of hypothetically realistic use-cases of quantum computing for red team operations.
I have been thinking about this topic for quite some time. I have had discussions with my colleagues on this. But I wasn’t convinced if this idea actually holds merit. However, with Microsoft’s launch of the Majorana 1 chip, I think it’s time that we at least start discussing it on a broader platform.
Through this post, I am sharing a few use-cases where red teams can leverage quantum computing (as and when it reaches that stage) to significantly advance their ops.
Follow my journey of 100 Days of Red Team on WhatsApp, Telegram or Discord.
Breaking Cryptography
One of the biggest impacts of quantum computing on red teaming will be its ability to break widely used encryption algorithms. Many security systems today rely on RSA and ECC (Elliptic Curve Cryptography) for encrypting sensitive data. These encryption methods work by using mathematical problems that are extremely difficult for classical computers to solve. However, with a powerful enough quantum computer, these problems can be solved in a fraction of the time. Imagine being able to break a 2048-bit RSA encryption key in minutes instead of thousands of years.
Enhanced Brute Force Attacks
Brute force attacks could become much more effective with quantum computing. Normally, it would take an impractical amount of time for a red team operator to brute force a strong password (e.g., a 12-character random string). However, quantum computers will speed up the process significantly.
The effectiveness of quantum-powered brute force attacks will depend heavily on having local access to password hashes. This means that while a quantum computer can rapidly crack hashes once they are acquired, the initial exfiltration of password hashes will still remain a challenge (until quantum-powered network devices come into the picture).
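To put a number on that speed-up, the added example below (not code from the original post) simulates Grover's algorithm, the textbook quantum search routine, on a constructed 10-bit toy space and then sizes the 12-character case. The 95-symbol alphabet, the 2^64 target and all function names are assumptions made for illustration.

```python
import math

def optimal_iterations(n_items):
    """Grover iteration count that maximises success for one marked item."""
    theta = math.asin(1 / math.sqrt(n_items))
    return math.floor(math.pi / (4 * theta))

def grover_success_probability(n_bits, marked, iterations):
    """Simulate Grover search over 2**n_bits candidates with a state vector."""
    n_items = 2 ** n_bits
    amps = [1 / math.sqrt(n_items)] * n_items   # uniform superposition
    for _ in range(iterations):
        amps[marked] = -amps[marked]            # oracle: phase-flip the match
        mean = sum(amps) / n_items
        amps = [2 * mean - a for a in amps]     # diffusion: invert about mean
    return amps[marked] ** 2

def log2_work(alphabet_size, length):
    """Return (log2 classical worst-case guesses, log2 Grover iterations)."""
    bits = length * math.log2(alphabet_size)
    return bits, bits / 2 + math.log2(math.pi / 4)

def min_length(alphabet_size, target_bits):
    """Shortest random password whose Grover cost is >= 2**target_bits."""
    length = 1
    while log2_work(alphabet_size, length)[1] < target_bits:
        length += 1
    return length

if __name__ == "__main__":
    n_bits, secret = 10, 0x2A5   # constructed toy search space and target
    k = optimal_iterations(2 ** n_bits)
    p = grover_success_probability(n_bits, secret, k)
    print(f"toy space 2^{n_bits}: {k} iterations, success {p:.4f}")
    classical, grover = log2_work(95, 12)
    print(f"12 chars / 95 symbols: 2^{classical:.1f} guesses, "
          f"2^{grover:.1f} Grover iterations")
    print("length for 2^64 Grover iterations:", min_length(95, 64))
```

The speed-up is quadratic, so doubling a secret's entropy restores the classical margin. Each Grover iteration also has to evaluate the hash function as a quantum circuit, one iteration after another.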
Advanced Malware and Evasion Techniques
Today’s malware is often detected by security tools using pattern recognition and heuristic analysis. However, quantum-enhanced AI may be able to create malware that continuously evolves and adapts in real time to avoid detection.
Imagine a red team deploying a backdoor inside a target organization. Normally, the company’s endpoint security tools would detect suspicious activity based on predefined rules or behavior analysis. But with quantum-enhanced AI, malware could analyze the security tool’s responses and change its behavior instantly, making it almost impossible to detect.
Secure C2 Communications and Data Exfiltration
Traditional C2 channels rely on encrypted communications, often using TLS or other cryptographic protocols. However, this traffic can still be intercepted and potentially decrypted if an adversary records it and decrypts it later using a quantum computer. With quantum key distribution (QKD), red team operators will be able to establish C2 communications where any interception attempt automatically alters the quantum state of the transmission, making detection unavoidable.
Similarly, one of the biggest challenges in data exfiltration is evading network monitoring tools that detect anomalous data transfers. However, using quantum-encrypted channels, red team operators will be able to encrypt and exfiltrate data with quantum-safe cryptographic techniques. These channels might also make data extraction virtually undetectable, hiding within legitimate network traffic.
Of course, all of this comes with the caveat that if it’s available to red teams it will also be available to organizations, so that might alter some of the use cases mentioned above. Another thing to consider is how organizations are planning to reduce their attack surface once quantum computers become commercially available, turning most of today’s technology into a huge technical debt.
Red Team Notes
Here are a few use cases of quantum computing for red team operations:
- Rapid brute-forcing of password hashes.
- Breaking current cryptographic keys in minutes.
- Malware that continuously evolves and adapts in real time to avoid detection.
- Secure C2 communications and enhanced data exfiltration capabilities.
It will be interesting to see how red teaming evolves with the onset of quantum computing. If you have some interesting thoughts and ideas to share, please drop a comment. I would love to gain more insights on this.