Rules of Engagement in Pentesting
When you create a software product or build a service or create a platform, it’s a good idea to make sure it is secure. The data we generate is feeding the...
Penetration testing
MITRE ATT&CK: Screen capture
There is an old saying that goes “a picture is worth a thousand words.” In many ways, this saying is true: you can learn a great deal about a person or...
The future of Red Team operations
The Red Team assessment is an increasingly popular method for an organization to get a realistic feel for their overall security. Organizations’ attack surfaces...
Red Team Operations: Providing recommendations
The Red Team’s final report is the most valuable part of the entire exercise for the client. In many cases, a Red Team is secretly hired by an organization’s...
Red Team Operations: Reporting for compliance
In recent years, the number of standards and regulations that organizations have to demonstrate compliance with has exploded. Previously, organizations have...
Red Team Operations: Report structure and content
The first stage in building a Red Team report is knowing what to put in the report. Three of the most important things to discuss in the report are identified...
Red Team Operations: Presenting your findings
At the end of the Red Team assessment, there are usually two main deliverables. The Red Team report provides a report providing a comprehensive description...
Best commercial tools for Red Teaming
A variety of different free tools exist for Red Team operations, and, in many cases, a Red Team can get by just fine taking advantage of these free or open-source...
Best open-source tools for Red Teaming
One of the best features of the cybersecurity community is the vast number of free and open-source tools that are available. Many very smart and skilled hackers...
Red Team operations: Best practices
The goal of a Red Team assessment is for the Red Team to find as many vulnerabilities as possible within the customer’s current security setup. In general,...