PODCAST: What Is a Red Team, Anyway?

Dakota Nelson //

Dakota talks about the pentester pyramid of pain and the different types of tests available from an information security firm.

See his slides here: https://blackhillsinformationsecurity.shootproof.com/gallery/7404264/

Extra links & notes:

From guest blog post by Scott Worden:

Having the penetration tester reach your crown jewels, get root, own you, pwn you, own3d, 0wn3d, pwned, pooned or whatever phrasing you use is NOT a failure. The point of a penetration test is to find where you are vulnerable so you can improve. There is no failing a pen test, with two exceptions. If you artificially insert preventions or react differently to the pen tester, you fail. If the same fixable finding shows up on multiple pen tests, you fail.

MITRE ATT&CK Matrix C2

20 CIS Critical Controls

RITA

AI-Hunter from Active Countermeasures

Cash Cow Tipping 2018 Webcast