[Dailydave] reach for the sky vs stay airborne

Konrads Smelkovs konrads.smelkovs at gmail.com
Tue Oct 27 09:22:26 EDT 2015


In my view, security improvements in organisations are driven by breaches
and red team exercises/pentests. While breaches give hard lessons learned,
red teams often don't and that's because we reward red teamers for a
"domain admin" rather than longer term persistent access.

This is what I call reach for the sky/rocket launch: you get domain admin,
get a screenshot of CEO's e-mail and declare job done. In reality, a good
simulation would be to "stay airborne" - take a screenshot of CEO's
e-mail/exfil PST every week.

That's not to say that there isn't a scenario where destruction of assets
is the end-goal of an attacker, but even then, I would argue that red
teamers ought to put an .exe in autoruns for every PC they wish to have
done a simulated wipe.



--
Konrads Smelkovs
Applied IT sorcery.