This blog post was written by Joshua Hobson, Marketing Manager at our partner Fluid Digital.
Downtime on your eCommerce store can be damaging. You will lose sales, your reputation will be damaged and your customers will be frustrated.
This blog post was written by Joshua Hobson, Marketing Manager at our partner Fluid Digital.
Downtime on your eCommerce store can be damaging. You will lose sales, your reputation will be damaged and your customers will be frustrated.
Detection Lab, designed and maintained by Chris Long, is a collection of Vagrant and Packer scripts. These scripts allow users to quickly spin up a fully configured and monitored Windows Active Directory environment. Once the setup is complete, we will have a fully functional lab designed with defenders and security researchers in mind. Detection Lab can easily be modified to fit most needs or expanded to include additional hosts. This blog will demonstrate how to install and use Detection Lab with penetration testers in mind.
In our previous post, Red Teaming: Command and Control protocols, we performed a very brief introduction of RETURNINGPATIENT in the general context of choosing different command and control strategies in our red teaming campaigns. In this post, we will take a deeper dive into RETURNINGPATIENT itself and discuss its properties and its limitations.
Red teaming, in an information security context, is an adversarial-based offensive activity against an organisation's assets, whether this is infrastructure, applications or people. Red teaming is a specialised penetration testing service offering wherein the attacker assumes the role of an advanced threat actor and attempts to compromise agreed upon components inside the target. The threat actors use Tactics, Techniques and Procedures (TTPs) in their compromise campaigns. It is designed to be stealthier than a typical penetration test and test the defences of a network against a persistent attacker. It is also goal driven to provide focus and guide the test towards what the targeted organisation sees as its most valuable assets rather than the common misconception of "get domain admin". Mitre's ATT&CK framework, provides a comprehensive breakdown of all the different tactics in a red teaming engagement and outline of all different techniques inside each tactic.
This blog post was written by Joshua Hobson, Marketing Manager at our partner Fluid Digital.
Downtime on your eCommerce store can be damaging. You will lose sales, your reputation will be damaged and your customers will be frustrated.
Detection Lab, designed and maintained by Chris Long, is a collection of Vagrant and Packer scripts. These scripts allow users to quickly spin up a fully configured and monitored Windows Active Directory environment. Once the setup is complete, we will have a fully functional lab designed with defenders and security researchers in mind. Detection Lab can easily be modified to fit most needs or expanded to include additional hosts. This blog will demonstrate how to install and use Detection Lab with penetration testers in mind.
In our previous post, Red Teaming: Command and Control protocols, we performed a very brief introduction of RETURNINGPATIENT in the general context of choosing different command and control strategies in our red teaming campaigns. In this post, we will take a deeper dive into RETURNINGPATIENT itself and discuss its properties and its limitations.
Red teaming, in an information security context, is an adversarial-based offensive activity against an organisation's assets, whether this is infrastructure, applications or people. Red teaming is a specialised penetration testing service offering wherein the attacker assumes the role of an advanced threat actor and attempts to compromise agreed upon components inside the target. The threat actors use Tactics, Techniques and Procedures (TTPs) in their compromise campaigns. It is designed to be stealthier than a typical penetration test and test the defences of a network against a persistent attacker. It is also goal driven to provide focus and guide the test towards what the targeted organisation sees as its most valuable assets rather than the common misconception of "get domain admin". Mitre's ATT&CK framework, provides a comprehensive breakdown of all the different tactics in a red teaming engagement and outline of all different techniques inside each tactic.