Is there a point in red teams finding complex ways into your company's network, if the simplest one, and the one that works is phishing? I've been discussing this recently IRL, and IMO, if this is the status quo, a red team should use phishing until it's solved before moving on.
Yup. But it feels like finding new ways into a bank's vault mission-impossible movie style, when you can still do the same (and easier) with a poorly faked ID. Ppl in charge of the bank's sec. (resources) might be more interested in the former one, cause phishing feels old/boring
Exactly. We don't need red team to tell us all that phishing works. Instead, red teams can tell blue how far you can get after phishing and how quickly org can detect/respond/recover. You can give red team a machine on the network.
^. Our red team mentality is "assume breach," whether it's from phishing, popped box on the perimeter, or insider threat. Focus on defense in depth and detection of post-exploitation, no matter the initial source of compromise.
I heard phishing is a solved problem. https://www.businessinsider.com/none-of-googles-employees-get-phished-because-of-yubikey-security-key-2018-7 …
Like, gravity does seem to work, we won't learn anything new from dropping more objects off buildings.