Software Integrity Blog

Search Results for 'red teaming'

Exploring a red teaming attack: The not-so-dubious air conditioning repairman

In this example, Dave, our red team engineer, will attempt to gain physical access to a company’s server room by pretending to service the air conditioning. Dave has picked the perfect day: The sun is shining, it’s the Friday before a bank holiday weekend, and everybody around him is in high spirits. Dave knows that […]

Posted in General

How to build a red teaming playbook

Red teaming is an iterative process that includes three main components: recon, enumeration and attack. First, we emulate a defined adversary (anything from a script kiddie to an APT threat actor). Then we iterate through the recon/enumeration/attack components repeatedly until we have obtained our defined goal, such as obtaining sensitive client data. 3 ways to […]

Posted in General

The secret to red teaming: Thinking maliciously

The technical people who drive our innovation are, for most purposes, well meaning. They create technology which has shaped our way of life, and done what many would have previously considered unthinkable. These developers and engineers are wonderful at conceiving and building systems. However, they are horrible at understanding how to break them. As the […]

Posted in Data Breach, General, Internet of Things

Red teaming a holistic view of security

Software pervades our everyday lives: cellphones, tablets, fitness monitors, websites, networked home appliances, medical equipment, drones and automated vehicles. We expect software to work, often overlooking the need for the software running these systems to be secure. While we stress the importance of building security in throughout the SDLC, there are outside vehicles like rogue wireless […]

Posted in General, Mobile Application Security

Think like an attacker during 2-day red team workshop

Most developers focus their day-to-day thought processes on building software rather than breaking it. Meanwhile, organizations face growing and evolving threats against their digital assets and infrastructure. That’s why it’s critically important for security operations and development teams to think defensively. Thinking of any and every possible attack is what red teaming is all about. A […]

Posted in General, Security Training

How can red team simulated attacks protect the digital world?

During the red teaming process, attackers physically enter target facilities. This testing activity tends to be overlooked or downplayed in security testing results. But it’s important not to forget that old-fashioned attack methods still work. To guard against a physical security breach, it’s critical that your firm encrypt data. Otherwise, red team assessors, much like […]

Posted in Data Breach, General

How to build a game-changing red team

Putting together a game-changing red team requires finding the right personnel with the malicious mindset, technical talent and vision to drive the program to success. This team must have a leader who can drive the program and technical staff who will perform the day-to-day activities. Putting together an impactful and game-changing red team will increase […]

Posted in General

Are you red team secure?

Data breaches can result in severe damage to an organization’s brand, financial standing, or customer trust. Many of these, including recent breaches in the news, are not the result of a single, easy-to-find weakness that just happened to be overlooked or the common “low-hanging fruit” that is adequately detected by automated scanners […]

Posted in General, Software Architecture and Design, Web Application Security

Air gaps in ICS going, going … and so is security

As smart shipping and other network-connected industrial control systems (ICS) grow, the air gap loses value as a barrier against cyber attacks. What’s next?

Posted in General

What are the different types of software testing?

With a wide array of security testing solutions, let’s examine how different types of software testing can help organizations achieve security goals. When do I need security testing? Software security testing is a type of security testing that aims to reveal loopholes and weaknesses in the security mechanism of applications and systems. When these weaknesses […]

Posted in General