pentests have a number of benefits, but modelling actual attacks is not one of them
-
Client: "I want you to model a targeted attacker". Us: "Here is a proposal for 4 months' work". C: "What will a week get me?"
-
esp when they are restricted in scope
-
What do you mean the PLA isn't sitting in my conference room running Nessus & nmap -T5? But my signatures would be worthless!!
-
@thegrugq Sure, but outside of every corp having a full red team what is the better option?
-
And the goal is always get DA! No one says it... And so many companies, clients and pen testing shops alike DA DA!!! A week long smash and grab can be an experience in futility. Not trying to squish weeks' worth of work into a report, where fuzzy math yields foolish results.
-
yep.... and then the report is all caveats
-
so what's the fix then? From a business standpoint, what is your solution?
-
What if we break down "pen test" into more basic elements? e.g. "A week to advance from machine in network to DC"?
-
are pentests simulations or assessments?