Discover and read the best of Twitter Threads about #redteam

Most recents (4)

Thought of the Day: It's actually possible to cause HARM with a #redteam exercise. Read the thread before you jump to conclusions.
There are many different "goals" that stakeholders of a #redteam exercise may expect (and they probably only latch onto one of them, not even aware of the others):
- Program/Posture Assessment
- Controls Validation
- Adversary Simulation
- Adversary Emulation ^not the same^
In a healthy red team program, you'll have stakeholders from each "camp" expecting each of those items to be represented. A SOC will want controls validation, for instance, but may not care about a Posture Assessment (i.e. this business unit has a C+ security program).
Read 15 tweets
Breaking Mews: Just when you thought it was going to be routine Monday night 2 am server maintenance... The Venison Red Team gets past your fancy guards and biometrics.

Posted with permission. #Pentesting #redteam
Update: intruder playing hide and seek in the data center.
Update: looks like the party is getting shut down D:
Read 5 tweets
Long rumored @TheJusticeDept indictment of #APT10 is out.…
Here are my observations/highlights from reading the indictment (channeling my inner @pwnallthethings):
-the indictment indicates #APT10 operations started in 2006 and went through 2018. The 2006 activity was likely focused on US Government, Military, and defense contractors

Interestingly the indictment calls out multiple government organizations by name that were victims including:
@NASAGoddard, @NASAJPL, @LLNL, and the @USNavy

Read 24 tweets
I’ve been playing around with and it’s a great tool. Can search pretty much any identifier and can wildcard so really good for #RedTeam recon as well as straight up #OSINT investigation 1/n
It only brings back 5 results per page so is actually pretty difficult to just trawl results for something juicy. I wildcarded a few fairly large corporate UK domains and consistently got 2-3k results. That’s a lot of clicking to get through all of them 2/n
So it’s probably not quite the privacy nightmare I thought it might be even with the wildcard function and increased number of search parameters. From my limited testing it looks like it has the same data sets as haveibeenpwned etc 3/n
Read 5 tweets
