7MS #363: Interview with Ryan Manship and Dave Dobrotka - Part 2

57:30
 
Share
 

Manage episode 233878970 series 1288763
By Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio streamed directly from their servers.

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!

Yuss! It's true! Dave and Ryan are back!

Back in episode #326 we met Ryan Manship of RedTeam Security and Dave Dobrotka of United HealthGroup and talked about their cool and exciting careers as professional red teamers.

In this follow-up interview (which will be broken into a few parts), we talk through a red team engagement from start to finish. Today we cover questions like:

  • Who should have a red team exercise conducted? Who NEEDS one?

  • How do you choose an objective that makes sense?

  • What do you do about push-back from management and/or scope manipulation? (“Don’t phish our CEO! She’ll click stuff! Attack our servers, just not the production environment!!!”). Spoiler alert: your clients need to have intestinal fortitude!

  • What’s better - a “zero knowledge” red team engagement or a collaborative exercise between testers and their clients?

  • How do you attack a high-security bunker?!

  • How do you conduct a red team exercise without ending up in jail? What does your “get out of jail” card get you - and NOT get you?

369 episodes available. A new episode about every 6 days averaging 36 mins duration .