Reporting is, by nature, only the threat actors that have been caught. What about all the ones that didn’t get caught? There is no way to examine that and It comes down to the fact that we don’t know what they did and therein lies the problem for threat emulation.
Reporting is, by nature, only the threat actors that have been caught. What about all the ones that didn’t get caught? There is no way to examine that and It comes down to the fact that we don’t know what they did and therein lies the problem for threat emulation.
NOTE: Some of the topics in this article are probably going to be a bit contentious, but part of the hope in publishing this article is to drive some additional discussion within the offensive security community Ransomware has become one of the most prevalent threats that companies face today. It ...
Something that we have seen increasingly often on Twitter recently is people ostensibly posting about “Red Teams” and how if they did what APT X did, all their colleagues would be laughing at them. This is arguably a huge problem and we don’t mean the laughing. Not every organization is ...
Last month we taught our DEF CON 27 workshop, Introduction to Sandbox Evasion and AMSI Bypasses, as a webinar. It went really well, but the primary focus of the course was on delivering a primary agent to the target and getting it to run. We discussed how to obfuscate payloads ...
Going back to our Offensive Security definition, red teams and pentesters are attempting to validate that an organization’s systems.
