Tim MalcomVetter™️
EVP @NetSPI; Prev: CTO @CYDERES, CTO @FishtechGroup, @Walmart Red Team, @Sp4rkCon, @Optiv, @fishnetsecurity. PhD Dropout. BJJ 🟪⬛️⬛️🟪🟪 ⳩
May 8, 2019 42 tweets 7 min read
Choose your own #RedTeam adventure.
Your phish lands on a host. What is the first thing you do?

(If 4 answers aren't enough, reply below)

== IF YOU CHOSE MIMIKATZ ==
Congrats. It’s Win 7 and you now have 2 plaintext passwords. One looks like a Domain Admin account!

You attempt to move laterally to another host with the DA password. Access Denied.

What?

Try again.

Access Denied.

Try again!

2/10
Apr 6, 2019 6 tweets 1 min read
Imagine how much better Blue Teams would be if Red Teams realized they weren’t Conor McGregor, they’re his sparring/training partner that virtually nobody knows.

If RED thinks they’re the ones showing up at the fight, they have got the date, venue, and match WRONG. Red Teams would probably operate differently if they realized the Blue Team’s performance for the REAL FIGHT was a direct reflection on them.
Mar 16, 2019 9 tweets 2 min read
A recently mobilized toddler is like a free home penetration test. Like any enterprise penetration test, the (ahem) “stakeholders” (me) might say: “How long has that been there? Whose is it? Did you know we had that there? Who’s responsible for that?”

First rule of security: asset inventory.
Jan 24, 2019 15 tweets 4 min read
Thought of the Day: It's actually possible to cause HARM with a #redteam exercise. Read the thread before you jump to conclusions. There are many different "goals" that stakeholders of a #redteam exercise may expect (and they probably only latch onto one of them, not even aware of the others):
- Program/Posture Assessment
- Controls Validation
- Adversary Simulation
- Adversary Emulation ^not the same^
Jan 18, 2019 22 tweets 4 min read
For the newcomers out there...

I’ve been doing InfoSec stuff for ~20 years now, & every 3-5 years I discover a better understanding of the subject. Just when I think I’ve got it figured out, I get a little closer still.

This is for your edification to stick with it 1/

20 years ago, I thought “perfect computer security” was possible if you just figured out the correct “recipe” of stuff for the technical problem you were trying to solve.

Didn’t take long to shatter that misconception.