Nov 1, 2019
SafePass.me is the only enterprise solution to protect
organizations against credential stuffing and password spraying
attacks. Visit safepass.me for
more details, and tell them 7 Minute Security sent you to get a 10%
I'm sorry it took me forever and a day to get this episode up,
but I'm thrilled to share part 4 (the final chapter - for
now anyways) of my interview with the red team guys, Ryan and
In today's episode we talk about:
- Running into angry system admins (that are either too fired up
or not fired up enough)
- Being wrong without being ashamed
- When is it necessary to make too much noise to get
caught during an engagement?
- What are the top 5 tools you run on every engagement?
- How do you deal with monthly test reports indefinitely being a
copy/paste of the previous month's report?
- How do you deal with clients who scope things in such a way
that the test is almost impossible to conduct?
- How do you deal with colleagues who take findings as their own
when they talk with management?
- How do you work with clients who don't know why they want a
test - except to check some sort of compliance checkmark?
- What is a typical average time to complete a pentest on a
vendor (as part of a third-party vendor assessment)?
- How could a fresh grad get into a red team job?
- What do recruiters look for candidates seeking red team
- If a red team is able to dump a whole database of hashes or
bundle of local machine hashes, should they crack them?
- What do you do when you're contracted for a pentest, but on day
one you realize the org is not at all ready for one?
- What's your favorite red team horror story?