I get a lot of folks asking about how I think about this or that. Lots of conference rooms, video meetings, and hallway discussions about how my perspective is different from a defender’s. This has led to a lot of blog posts, and now has led to a book. I…
Exposed RDP is interesting to an attacker if they have credentials — focus instead on, MFA, strengthening passwords and minimizing attackers’ ability to move laterally
Exposed RDP is the new favorite scapegoat of the security industry. RDP (Remote Desktop Protocol) allows users or IT departments to access computers remotely. …
Not all assets are created equal. Back in the 90s, we all used to build massive firewalls around our systems and spent our day-to-day resources looking for holes to patch. In theory, an impenetrable wall is a great idea. However, if you’ve ever owned a house, you know that all…
Rarely have I heard someone tell me an IT problem to which the answer is: add a new piece of equipment. Rather, the best security posture is often a lean one that uses just a couple of tools to enforce each layer effectively.
More often than not, companies dump money…
Security tools are kind of like credit cards. Not enough and you won’t function; too many and they all become useless.
Running a security program involves a great deal of trust. You have to trust your team to effectively carry out their roles; you have to trust that hackers do…
The US’s largest fuel pipeline was hit with a ransomware attack that took it offline. It is expected to be inoperational for more than a week. The scale of such an attack has left many in the security community wondering what went wrong. …
I’m Givin’ Her All She’s Got, Captain!
I’m not the first person to point out that burnout in infosec is hitting a fever pitch. 2020 was a tremendously difficult year for security. Fueled by the pandemic and work-from-home, ransomware and other attacks boomed, high-profile breaches littered the news, and the…
The SolarWinds hack (and now Exchange) has taken over the news recently, and many security practitioners are curious about how to respond. As an attacker, I will candidly tell you that if you were breached, your best strategy is to assume Russia has established a presence in your network, and…
Red-teamers find the gaps between security controls and visibility, whereas the pentest typically surfaces problems within specific controls. For practitioners who have to choose between a pen test or red team engagement, it comes down to the maturity of your security program and the questions you want to answer.
moose. co-founder @randori. red-teamer. security can’t be fixed. practice how you fight. www.randori.com
