Software Integrity Blog

Search Results for 'red teaming'

 

Exploring a red teaming attack: The not-so-dubious air conditioning repairman

In this example, Dave, our red team engineer, will attempt to gain physical access to a company’s server room by pretending to service the air conditioning.

Continue Reading...

Posted in General

 

How to build a red teaming playbook

Red teaming is an iterative process. Every red team assessment follows a different path but has the same elements of recon, enumeration, and attack.

Continue Reading...

Posted in General

 

The secret to red teaming: Thinking maliciously

The technical people who drive our innovation are, for most purposes, well meaning. They create technology which has shaped our way of life, and done what many would have previously considered unthinkable. These developers and engineers are wonderful at conceiving and building systems. However, they are horrible at understanding how to break them. As the defenders of the kingdom, a security operations or development team has to think of every possible attack, which is what we do in red teaming. This workload is considered otherworldly compared to their adversary, who only needs one working method of attack to obtain their goals.

Continue Reading...

Posted in Data Breach, Internet of Things

 

Red teaming for a holistic view of security

Red teaming is when an independent group tests your system in the same way an attacker would to identify weaknesses that could compromise sensitive data.

Continue Reading...

Posted in Mobile Application Security

 

Think like an attacker during 2-day red team workshop

Most developers focus their day-to-day thought processes on building software rather than breaking it. Meanwhile, organizations face growing and evolving threats against their digital assets and infrastructure. That’s why it’s critically important for security operations and development teams to think defensively. Thinking of any and every possible attack is what red teaming is all about.

Continue Reading...

Posted in Security Training

 

How can red team simulated attacks protect the digital world?

During the red teaming process, attackers physically enter target facilities. This testing activity tends to be overlooked or downplayed in security testing results. But, it’s important not to forget that old-fashioned attack methods still work. To guard against a physical security breach, it’s critical that your firm encrypt data. Otherwise, red team assessors, much like real world physical attackers will be able to simply yank a hard drive out of your server and render your firm helpless. The physical delusion With physical access, many logical controls become useless. For instance, when it comes to domain authentication, Kon-Boot the domain controller with a new user account in the domain. You may have a strong firewall protecting the internal servers, but to circumvent that physically, simply plug right into the local network switch.

Continue Reading...

Posted in Data Breach

 

How to build a game-changing red team

Putting together a game-changing red team requires finding the right personnel with the malicious mindset, technical talent and vision to drive the program to success. This team must have a leader who can drive the program and technical staff who will perform the day-to-day activities.

Continue Reading...

Posted in General

 

Are you red team secure?

Red teaming provides a new way of thinking about, identifying, and allocating defenses to discover risks and address them. Are you red team secure?

Continue Reading...

Posted in Software Architecture and Design

 

Air gaps in ICS going, going … and so is security

As smart shipping and other network-connected industrial control systems (ICS) grow, the air gap loses value as a barrier against cyber attacks. What’s next?

Continue Reading...

Posted in General

 

What are the different types of software testing?

With a wide array of security testing solutions, let’s examine how different types of software testing can help organizations achieve security goals. When do I need security testing? Software security testing is a type of security testing that aims to reveal loopholes and weaknesses in the security mechanism of applications and systems. When these weaknesses are exploited, the results could include:

Continue Reading...

Posted in General