PODCAST: What Is a Red Team, Anyway?
Podcast: Play in new window | Download
Dakota talks about the pentester pyramid of pain and the different types of tests available from an information security firm.
See his slides here: https://blackhillsinformationsecurity.shootproof.com/gallery/7404264/
Extra links & notes:
From guest blog post by Scott Worden:
Having the penetration tester reach your crown jewels, get root, own you, pwn you, own3d, 0wn3d, pwned, pooned or whatever phrasing you use is NOT a failure. The point of a penetration test is to find where you are vulnerable so you can improve. There is no failing a pen test, with two exceptions. If you artificially insert preventions or react differently to the pen tester, you fail. If the same fixable finding shows up on multiple pen tests, you fail.
Ai-Hunter from Active Countermeasures