1 hr 24 min
7MS #386: Interview with Ryan Manship and Dave Dobrotka - Part 4 7 Minute Security
-
- Technology
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
I'm sorry it took me forever and a day to get this episode up, but I'm thrilled to share part 4 (the final chapter - for now anyways) of my interview with the red team guys, Ryan and Dave!
In today's episode we talk about:
Running into angry system admins (that are either too fired up or not fired up enough) Being wrong without being ashamed When is it necessary to make too much noice to get caught during an engagement? What are the top 5 tools you run on every engagement? How do you deal with monthly test reports indefinitely being a copy/paste of the previous month's report? How do you deal with clients who scope things in such as way that the test is almost impossible to conduct? How do you deal with colleagues who take findings as their own when they talk with management? How do you work with clients who don't know why they want a test - except to check some sort of compliance checkmark? What is a typical average time to complete a pentest on a vendor (as part of a third-party vendor assessment)? How could a fresh grad get into a red team job? What do recruiters look for candidates seeking red team positions? If a red team is able to dump a whole database of hashes or bundle of local machine hashes, should they crack them? What do you do when you're contracted for a pentest, but on day one your realize the org is not at all ready for one? What's your favorite red team horror story?
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
I'm sorry it took me forever and a day to get this episode up, but I'm thrilled to share part 4 (the final chapter - for now anyways) of my interview with the red team guys, Ryan and Dave!
In today's episode we talk about:
Running into angry system admins (that are either too fired up or not fired up enough) Being wrong without being ashamed When is it necessary to make too much noice to get caught during an engagement? What are the top 5 tools you run on every engagement? How do you deal with monthly test reports indefinitely being a copy/paste of the previous month's report? How do you deal with clients who scope things in such as way that the test is almost impossible to conduct? How do you deal with colleagues who take findings as their own when they talk with management? How do you work with clients who don't know why they want a test - except to check some sort of compliance checkmark? What is a typical average time to complete a pentest on a vendor (as part of a third-party vendor assessment)? How could a fresh grad get into a red team job? What do recruiters look for candidates seeking red team positions? If a red team is able to dump a whole database of hashes or bundle of local machine hashes, should they crack them? What do you do when you're contracted for a pentest, but on day one your realize the org is not at all ready for one? What's your favorite red team horror story?
1 hr 24 min