What is red teaming? How is it different from conventional penetration testing? Why do we need blue, red, and white teams? How are cyber-drills carried out, and what results should be expected? In this article, we will answer these and other questions related to red teaming.

What is Red Teaming?

The red team attacks, the blue team defends. The simple rules of
For the majority of people in the information security world, the act of offensive hacking is something they are tasked with protecting against but have little ability to do themselves. That is like asking a professional boxer to enter the ring without knowing how to throw a punch. Sure, you may be able to get in and last a few rounds, but eventually, a form
Presentation on logging and auditing strategies (as given at Secure South West 11).
Building on my blog post on Cisco’s security blog entitled The Importance of Logs, I put together a presentation that picks apart some of the practical aspects of building a successful logging capability focusing on the need to document “good” and curate
Presentation on Active Directory integration solutions for UNIX (as given at Black Hat Europe 2018).
Over the past fifteen years there’s been an uptick in “interesting” UNIX infrastructures being integrated into customers’ existing AD forests. Whilst the threat models enabled by this should be quite familiar to anyone securing a heter
By way of an introduction to our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutions can be utilized to join UNIX infrastructure to enterprises’ Active Directory forests.
Background to Active Directory i
Presentation on building effective SOCs (as given at InfoSec Europe 2019 on the interactive workshop track).
Simon Crocker, Cisco’s EMEAR lead for SOC Advisory looks at what goes into making a SOC work effectively.
This talk discusses the core SOC requirements around monitoring and incident response function, but also touches on some of the other serv
Presentation on Zero Trust and the importance of identity in breach response and recovery (as given at InfoSec Europe 2019 on the tech talk track).
Richard Dean, Cisco’s EMEAR Head Of Security Advisory Services looks at Cisco’s approach to zero trust.
This talk discusses the need to monitor your users’ access and privileges and how securing t
Presentation on building an effective operational security capability (as given at Cisco Live US/Talos Threat Research Summit 2019).
This talk will not help you build a SOC in only 60 minutes, but it will help you build a functional security operation over time.
Building a SOC can be daunting. This talk will look at how to pick your fights and the key battle
I’ve added some handy tools to my pentest toolbox this year. You’ll find a short description of each with links to more information below. Whether red or blue team, you’ll want to know what these tools can do.

Password Spraying

Password spraying is guessing a few passwords against a large list of users in order to avoid account lockout. You w
In military jargon, the term Red Team is traditionally used to identify highly skilled and organized groups acting as fictitious rivals and/or enemies to the “regular” forces, the Blue Team.
Whenever we discuss Information Security from a defensive point of view, we are inclined to think about protection, damage control, and reaction.
However, adopting an at
In security, many people see the solution to a problem as all or nothing. Many times, even worse, they see security as a hindrance to the delivery of a project or even to day-to-day actions. Even internally, in an organization with the size and level of maturity to have both a Red and a Blue team, there is rivalry between the two. In this blog post I would li
Published: 2015-11-02 18:50 | Tags: Blue Team
Remote Desktop has been the go-to remote administration tool for many IT professionals, and sadly many even expose it to the internet, leading to brute-force attacks and man-in-the-middle attacks. I still remember the first time I saw how easy it is from Irongeek’s examples using Cain & Abel http://www.irongeek.com/i.php?page=videos/cain-rdp-terminal-server-mit
Published: 2015-04-06 16:40 | Tags: Blue Team