SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

I'm sorry it took me forever and a day to get this episode up, but I'm thrilled to share part 4 (the final chapter - for now anyways) of my interview with the red team guys, Ryan and Dave!

In today's episode we talk about:

  • Running into angry system admins (that are either too fired up or not fired up enough)
  • Being wrong without being ashamed
  • When is it necessary to make too much noice to get caught during an engagement?
  • What are the top 5 tools you run on every engagement?
  • How do you deal with monthly test reports indefinitely being a copy/paste of the previous month's report?
  • How do you deal with clients who scope things in such as way that the test is almost impossible to conduct?
  • How do you deal with colleagues who take findings as their own when they talk with management?
  • How do you work with clients who don't know why they want a test - except to check some sort of compliance checkmark?
  • What is a typical average time to complete a pentest on a vendor (as part of a third-party vendor assessment)?
  • How could a fresh grad get into a red team job?
  • What do recruiters look for candidates seeking red team positions?
  • If a red team is able to dump a whole database of hashes or bundle of local machine hashes, should they crack them?
  • What do you do when you're contracted for a pentest, but on day one your realize the org is not at all ready for one?
  • What's your favorite red team horror story?