[Dailydave] reach for the sky vs stay airborne
Kristian Erik Hermansen
kristian.hermansen at gmail.com
Tue Oct 27 21:59:21 EDT 2015
es that would be ideal but unfortunately there is always pushback due to
perception of privacy impact to staff / employees and also risk of
accidentally nuking the entire organization due to "unexpected changes".
You can try though and I wish you luck getting executives to sign off on
that risk. Or you could just buy Immunity Innuendo for $50K or Cobalt
Strike with beacon for about 1/10th that and get close to "APT
simulation"...
On Tuesday, October 27, 2015, Konrads Smelkovs <konrads.smelkovs at gmail.com>
wrote:
> In my view, security improvements in organisations are driven by breaches
> and red team exercises/pentests. While breaches give hard lessons learned,
> red teams often don't and that's because we reward red teamers for a
> "domain admin" rather than longer term persistent access.
>
> This is what I call reach for the sky/rocket launch: you get domain admin,
> get a screenshot of CEO's e-mail and declare job done. In reality, a good
> simulation would be to "stay airborne" - take a screenshot of CEO's
> e-mail/exfil PST every week.
>
> That's not to say that there isn't a scenario where desctruction of assets
> is the end-goal of an attacker, but even then, I would argue that red
> teamers ought to put an .exe in autoruns for every PC they wish to have
> done a simulated wipe.
>
>
>
> --
> Konrads Smelkovs
> Applied IT sorcery.
>
--
Regards,
Kristian Erik Hermansen
https://www.linkedin.com/in/kristianhermansen
https://google.com/+KristianHermansen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20151027/17f77137/attachment-0001.html>
More information about the Dailydave
mailing list