2 years ago

You’re Probably Not Red Teaming... And Usually I’m Not, Either [SANS ICS 2018]



In a world where it seems everyone and their dog is doing “penetration testing” nowadays, many individuals have started attempting to distinguish themselves by referring to their work as “red teaming.” Heck, that’s wound up in some bios which have been written for me in the past. However, this term is over-used and often misapplied.
In this talk, I will offer up a straightforward metric for untangling these terms, and then share tips, stories, and advice on tools that can help you in future Pen Tests or (if you’re truly performing them) Red Team Engagements.


I really hope all this comes up in the zoology exam I'm taking tomorrow.

by Maracachucho 1 year ago

So I am an actual technician, but the number of times I've turned up at a business and said I'm here to work in the comms room and they just let me in is astonishing.

by xer033 1 year ago

I use the "look like you belong there" when I get into the VIP area in clubs with just a GA ticket. I've used the back side of water bottle labels and napkins, folded into the right size around my wrist as a fake VIP band and followed a group into the VIP area. My favorite time was buying the same wrist bands on Amazon that the club uses, and looked at Instagram to see what color VIP was using that night. I have more fun figuring out how to get into the VIP area in different ways, than dancing or partying with friends in the club.

by Christopher Gronhagen 1 year ago

I caught a pen tester once pretending to inspect fire extinguishers. Except he wasn't in the right uniform and he wasn't quite doing it right. Called security, and got an attaboy, and told to let him continue on to see if anyone else caught him (no one did).

by John McLeod VII 1 year ago

That last sentence was the key difference between an actual attacker and someone just pen testing...
"Getting in is fun but getting caught is the goal."

by JetPackJan 1 year ago

I did the security guard thing for a while. It was an open secret that we were just eye-candy for the insurance company.

by Wesley Williams 2 years ago

I've watched a few of your presentations over the last few days. Even though they're very similar and not really relevant to me, they're entertaining, informative, and easy to watch. Keep up the great work.

by Crim 2 years ago

For half of his adult life, my Dad carried around key rings with about 3 pounds of brass on them. Gotta wonder if he could have gotten by with just a half dozen keys.
He would have loved this kind of stuff. Subtly deflating over-inflated egos was a hobby of his. Once on a fire alarm install, he was going around the building with the client and the security alarm vendor, who was bragging up his system. My Dad asked the security alarm guy if his sensors worked when they're installed upside down. The security alarm guy goes "What do you mean upside down?" My Dad goes "Well these have this part pointing up, but those have it pointing down." The security alarm calls the electrician over and growls at him to reinstall the upside down sensors. My dad cracked up when he told us the story.

by jfan4reva 2 years ago

Amazed that you used TF2 but not any images of Spy

by fjshdf 2 years ago

I think it is important to emphasise the difference between a secure lock and a signalling or token lock. The stock keys are great when you want to stop stupidity, rather than malice. We keep the key to the medicine cabinet at work in the lock, but it still does an important job. Junior staff are aware that they do not have permission to open that lock. We are more worried about a horse being disqualified from an event for being medicated than losing the medicine. I would imagine the cabinet locks are designed mostly to avoid the servers being handled routinely or by mistake, rather than stopping an attacker that has already breached the server room.

I've seen a padlock on a chain that could be lifted off, and it still sort of did its job. The field wasn't secure anyway, and if somebody wanted to break in they easily could. The chain was there to signal that going in there was not allowed (it is at some times of the year), rather than secure the field.

It only becomes a problem when people use signalling locks as part of a perimeter.

by A G Systems 1 year ago

This was an interesting one, I always enjoy physical pentesting. What I'd really like to hear is a talk about how to fail at it, though. Sort of a "Pentesting don'ts" type of deal.

by That_German_Guy 2 years ago

"cannon based assailants are not in our risk model" is now my favorite sentence of all time.

by xQuizate 87 1 year ago

Marry the girl who will break into buildings for you

by salvagebar 2 years ago

I remember watching your elevator video, and it got me really thinking about who's pretending to be who.
And it got me talking with the boss; now I've put up a sign at work where it says "show ID if asked for ID".
Every time some random dude comes in and says "yeah I'm from X and supposed to do X", we tell them oh do you have an ID?
Every single time they say "what?", so we reply "you know it's for security, then point to the sign".

The thing is that the sign is located kinda "randomly" on a shelf, so you kinda have to look up. And since you're looking up, the security camera is there to look right back at you.
Most of them actually pull out their state issued ID, because obviously a badge is not an ID; the ones that point to their badge usually get told, "I could also print out a badge".

It's a small step to counter potential security flaws, but honestly even if you show the ID and we take it down, it's not like we're checking if it's valid, by cross-referring it with some database...
but at least we try to trick people to either show a valid ID or look up by giving them an unfamiliar scenario, if we are the one getting tricked then shame on them :)

by svampebob007 2 years ago

"I'm not exactly sure what security guards are trained to do."
I recently worked security in Florida, one of the strictest states for security ever since an event in 2016 where a gay club got shot up by a security guard.

We are trained to walk around and write reports.
Our training focuses heavily on what we can legally NOT do (i.e. avoiding lawsuits and COA).
In practice, it's mostly preventing crime by simply wearing a uniform and walking around, checking for broken lights, taking readings from water pumps, and cleaning up the pool area after it closes - anything for the client to get their money's worth.

by BlockOfWood 9 months ago

Oof, a new deviant talk. There goes my next 44 minutes

by GarrukApex 2 years ago

Once found an RFID dongle outside a government building and the dongle worked, tested it and immediately returned it... the person was neutral even when I asked "what if I wanted to gain illicit entry?" She replied "oh, we have a security alarm"

As this person points out, all I needed was a shirt, a box of RJ45 and a ladder and I have myself a cover story between 9-5 so yes... when someone doesn't know your alarm code, doesn't mean they don't need it to start robbing you or worse, compromising your security to the point where you might as well leave the passwords on the screen, don't bother locking the doors because they are mine... I can basically have an all access season pass to your building.

An alarm is for when people are not there, not as a first response. Contractors don't mind being questioned "hey, should you be here? can you provide proof?" because it's 2 minutes of their job and they will know not to rob the place.

by Happy Fox 2 years ago

When you come back, and can't get in, then you did a good job.

by Dennis Lubert 2 years ago
