Dailydave mailing list archives
reach for the sky vs stay airborne
From: Konrads Smelkovs <konrads.smelkovs () gmail com>
Date: Tue, 27 Oct 2015 13:22:26 +0000
In my view, security improvements in organisations are driven by breaches and red team exercises/pentests. While breaches give hard lessons learned, red teams often don't, and that's because we reward red teamers for a "domain admin" rather than longer term persistent access. This is what I call reach for the sky/rocket launch: you get domain admin, get a screenshot of CEO's e-mail and declare job done. In reality, a good simulation would be to "stay airborne" - take a screenshot of CEO's e-mail/exfil PST every week. That's not to say that there isn't a scenario where destruction of assets is the end-goal of an attacker, but even then, I would argue that red teamers ought to put an .exe in autoruns for every PC they wish to have done a simulated wipe.

--
Konrads Smelkovs
Applied IT sorcery.