7MS #386: Interview with Ryan Manship and Dave Dobrotka - Part 4
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
I'm sorry it took me forever and a day to get this episode up, but I'm thrilled to share part 4 (the final chapter - for now anyways) of my interview with the red team guys, Ryan and Dave!
In today's episode we talk about:
- Running into angry system admins (that are either too fired up or not fired up enough)
- Being wrong without being ashamed
- When is it necessary to make too much noise to get caught during an engagement?
- What are the top 5 tools you run on every engagement?
- How do you deal with monthly test reports indefinitely being a copy/paste of the previous month's report?
- How do you deal with clients who scope things in such a way that the test is almost impossible to conduct?
- How do you deal with colleagues who take findings as their own when they talk with management?
- How do you work with clients who don't know why they want a test - except to check some sort of compliance checkmark?
- What is a typical average time to complete a pentest on a vendor (as part of a third-party vendor assessment)?
- How could a fresh grad get into a red team job?
- What do recruiters look for in candidates seeking red team positions?
- If a red team is able to dump a whole database of hashes or bundle of local machine hashes, should they crack them?
- What do you do when you're contracted for a pentest, but on day one you realize the org is not at all ready for one?
- What's your favorite red team horror story?