Conversation

Red-team thinking feels learnable but like a really illegible kind of imaginative seeing. Has anyone written something about the mindset? Something like Burglar’s Guide to the City but for computing? How do you naturally look at a computing thing and notice vulnerabilities?
9
37
It’s obviously central to things like war fighting, but looking for insight into red-teaming where conflict and adversarial interactions are *not* the main point.
1
7
Spending last week in bogota around people to whom it seems like second nature was revealing (though the mindset does not dominate crypto to the extent it should). It’s not like startup/product mindset *or* like pure military/defcon mindset but some weird blend of the two.
1
9
How do you retain functional synthesis/design instincts for non-adversarial thinking while *also* looking at the thing from the pov of an exploiter. A house is mainly to live in, but “burglar proofing” has to be in your way-of-seeing as much as say lighting or comfort.
Starting to make a list of readings for a red-teaming track in our Monday distributed systems study group at
Quote Tweet
Replying to @vgr
I wrote a few on the theme a while back, but more talking about the other side, how this model can be used to build secure systems: link.medium.com/uI78bGxneub
7
Replying to
Whenever I look at a system I am thinking in terms of what the most valuable pieces are, and what grants access to those, & those, transitively. Becomes a granoveter diagram/promise map type thing, it seems like a sound model. Lobbyists “power map” polticians similarly.
1
1
Show replies