Preview Mode Links will not work in preview mode

7 Minute Security

May 15, 2019

This episode is brought to you by ITProTV. Visit for over 65 hours of IT training for free!

Yuss! It's true! Dave and Ryan are back!

Back in episode #326 we met Ryan Manship of RedTeam Security and Dave Dobrotka of United HealthGroup and talked about their cool and exciting careers as professional red teamers.

In this follow-up interview (which will be broken into a few parts), we talk through a red team engagement from start to finish. Today we cover questions like:

  • Who should have a red team exercise conducted? Who NEEDS one?

  • How do you choose an objective that makes sense?

  • What do you do about push-back from management and/or scope manipulation? (“Don’t phish our CEO! She’ll click stuff! Attack our servers, just not the production environment!!!”). Spoiler alert: your clients need to have intestinal fortitude!

  • What’s better - a “zero knowledge” red team engagement or a collaborative exercise between testers and their clients?

  • How do you attack a high-security bunker?!

  • How do you conduct a red team exercise without ending up in jail? What does your “get out of jail” card get you - and NOT get you?