7MS #363: Interview with Ryan Manship and Dave Dobrotka - Part 2
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!
Yuss! It's true! Dave and Ryan are back!
Back in episode #326 we met Ryan Manship of RedTeam Security and Dave Dobrotka of United HealthGroup and talked about their cool and exciting careers as professional red teamers.
In this follow-up interview (which will be broken into a few parts), we talk through a red team engagement from start to finish. Today we cover questions like:
-
Who should have a red team exercise conducted? Who NEEDS one?
-
How do you choose an objective that makes sense?
-
What do you do about push-back from management and/or scope manipulation? (“Don’t phish our CEO! She’ll click stuff! Attack our servers, just not the production environment!!!”). Spoiler alert: your clients need to have intestinal fortitude!
-
What’s better - a “zero knowledge” red team engagement or a collaborative exercise between testers and their clients?
-
How do you attack a high-security bunker?!
-
How do you conduct a red team exercise without ending up in jail? What does your “get out of jail” card get you - and NOT get you?