SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
I'm sorry it took me forever and a day to get this episode up, but I'm thrilled to share part 4 (the final chapter - for now anyways) of my interview with the red team guys, Ryan and Dave!
In today's episode we talk about:
- Running into angry system admins (that are either too fired up or not fired up enough)
- Being wrong without being ashamed
- When is it necessary to make too much noice to get caught during an engagement?
- What are the top 5 tools you run on every engagement?
- How do you deal with monthly test reports indefinitely being a copy/paste of the previous month's report?
- How do you deal with clients who scope things in such as way that the test is almost impossible to conduct?
- How do you deal with colleagues who take findings as their own when they talk with management?
- How do you work with clients who don't know why they want a test - except to check some sort of compliance checkmark?
- What is a typical average time to complete a pentest on a vendor (as part of a third-party vendor assessment)?
- How could a fresh grad get into a red team job?
- What do recruiters look for candidates seeking red team positions?
- If a red team is able to dump a whole database of hashes or bundle of local machine hashes, should they crack them?
- What do you do when you're contracted for a pentest, but on day one your realize the org is not at all ready for one?
- What's your favorite red team horror story?