The Senior VP and the Marketing Plans - Again...

It happened once. It happened again.

While we were visiting several customers in Europe, we went to see one of our customers that always requests deeper and better assessments of their networks and plans. The customer is a large multinational corporation; last year we managed to get their marketing plans after blending in with their marketing staff.  
This year, the security director asked us to try to penetrate the Board of Directors' meeting. Like last year, blending in proved to be a good tactic.

The Top

Sometimes you don't know what you agree to until it's too late. In this particular project we were testing physical security around the customer's building. The customer asked us to try to bypass their physical security measures and if possible reach a certain room and leave a note there.

It sounded like a fun project.

The next 3 weeks were spent researching the target, doing recon during the day and night, trying to get the right names for a social engineering attack if needed, and working on gear, techniques and planning.

In the end we discovered a vulnerability that we thought we could exploit to get us in. The only problem was that in order to get to that potential point of entry we needed to get to the roof.

Quote of the day

"...however if you can’t think outside the box, if you can’t find ways to bend the rules, to think like an attacker, to lie, to cheat and to really want to find a way to succeed, then you won’t be able to perform."

-- So, you want to be a Red Teamer

Do you need to have a Red Team?

Somewhat out there, but the article has some good points.

Litigation can be a battle. You marshall your forces and attack the opposing party. But there is a long lead time from the filing of a lawsuit to the commencement of a trial. During that time you lay out your strategy. How to approach the case, handle witnesses, develop a compelling narrative and theme. But you don’t want to be surrounded by yes-men. While working on a project it is easy to develop a cocoon. A selective filter bubble that only incorporates what works and fits in neatly with your narrative. But you have to push back against it and organize dissent.

You need a Red Team.

Red Teams are heretics. They try to buck expectations and throw a monkey wrench into solidified plans with little manpower and small resources. Red teams are generally smaller, underfunded, and placed at a disadvantage from the get-go. All things being equal, they are supposed to lose.

But a Red Team’s weaknesses also give rise to: creative problem solving, lateral thinking, intense team cohesion, strategic surprise, deconstruction of dogma. Essentially, a Red Team takes the role of advocate for a disadvantaged adversary. Which is exactly what you need to cultivate within your office heading into litigation. Especially when you feel confident about your case.


Quote of the day

"Rule of Robustness: Robustness is the child of transparency and simplicity."

-- The Unix Philosophy


Quote of the day

"See the people. Bricks vs. clicks. Pound the pavement. Although technology can increase efficiency and provide a worldwide reach, the human effect is just as important as in years past. Technology (hardware) complements the human effect, but does not replace it. Drones don’t win wars, people do. They are a great addition to our kit bag, but not a replacement for boots on the ground. The same holds true in business and in life."

-- Josh Markiewicz, Utilizing the SOF Truths in Business: Humans Are More Important Than Hardware.