Software Integrity

Archive for the 'Red Teaming' Category

 

Exploring a red teaming attack: The not-so-dubious air conditioning repairman

In this example, Dave, our red team engineer, will attempt to gain physical access to a company’s server room by pretending to service the air conditioning. Dave has picked the perfect day: The sun is shining, it’s the Friday before a bank holiday weekend, and everybody around him is in high spirits. Dave knows that […]


Posted in Red Teaming

 

Behavioral security at RSA Conference 2018

Wednesday, RSA 2018: On any given day, there are more than 150 sessions to choose from here. Good luck getting to even 5% of those. The good news is that attendees can get access to most of the sessions they missed after the fact, since the slide presentations are posted and videos are made of […]


Posted in Automotive Security, Medical Device Security, Red Teaming, Security Conference or Event

 

Think like an attacker during 2-day red team workshop

Most developers focus their day-to-day thought processes on building software rather than breaking it. Meanwhile, organizations face growing and evolving threats against their digital assets and infrastructure. That’s why it’s critically important for security operations and development teams to think defensively. Thinking of any and every possible attack is what red teaming is all about. A […]


Posted in Red Teaming, Security Training

 

Lessons learned from this year’s biggest security breaches

As this year draws to a close, we can look back on 2016 and see what challenges the security industry has had to overcome. Jumping on this bandwagon a bit early, I hope to draw attention to some of the more difficult challenges our industry will face in the coming year. In order to do […]


Posted in Data Breach, Internet of Things, Red Teaming, Software Security Testing

 

The greatest security vulnerability: Humans

In the security industry, we hold the following words near and dear to our work: “Humans are the weakest link in the security supply chain.” Even companies with solid, well-built security standards are prone to human error. This is because humans are the most important part of information security and all humans make mistakes. According […]


Posted in Red Teaming

 

How can red team simulated attacks protect the digital world?

During the red teaming process, attackers physically enter target facilities. This testing activity tends to be overlooked or downplayed in security testing results. But it’s important not to forget that old-fashioned attack methods still work. To guard against a physical security breach, it’s critical that your firm encrypt data. Otherwise, red team assessors, much like […]


Posted in Data Breach, Red Teaming, Software Security Testing

 

The open perimeter: Is your internal network protected?

Large enterprises in the past relied on perimeter security to ensure their services were protected from the outside world. This idea of a trusted firewall has eroded over the years, and is considered an outdated approach to security. However, it is incorrect to assume that a firewall is useless despite the fact that the definition of […]


Posted in Internet of Things, Network Security, Red Teaming, Software Security Testing

 

What does the Panama Papers leak have to do with your firm’s data security?

If you have the Internet, which presumably you must if you’re reading this, you’ve no doubt run across stories about the Panama Papers leak: the revelation that an estimated 2.6-terabyte leak of data given to the press may have you cheering the downfall of the politicians wailing for changes in tax policies. There’s one key detail that the […]


Posted in Data Breach, Red Teaming

 

How to build a red teaming playbook

Red teaming is an iterative process that includes three main components: recon, enumeration and attack. First, we emulate a defined adversary (anything from a script kiddie to an APT threat actor). Then we iterate through the recon/enumeration/attack components repeatedly until we have obtained our defined goal, such as obtaining sensitive client data. 3 ways to […]


Posted in Red Teaming, Software Security Testing

 

How to build a game-changing red team

Putting together a game-changing red team requires finding the right personnel with the malicious mindset, technical talent and vision to drive the program to success. This team must have a leader who can drive the program and technical staff who will perform the day-to-day activities. Putting together an impactful and game-changing red team will increase […]


Posted in Red Teaming