Red Team: RedTeaming VS PenTesting
ฝัง
- เผยแพร่เมื่อ 16 พ.ค. 2023
- Lets discuss the basics of PenTesting Vs Red Teaming in this beginner-friendly TH-cam video. Discover how PenTesting helps identify vulnerabilities, while Red Teaming provides a more comprehensive evaluation of an organization's security. Gain insights into these cybersecurity practices and understand their importance in securing digital systems!
For a full list of my Covert Entry tools, check out my github at:
github[.]com/davidprobinsky
Check out my IG at @ RedTeamVIP
Backdrop Image by kjpargeter on Freepik - วิทยาศาสตร์และเทคโนโลยี
This is fantastic, as a person who is interested in red team, you gave me a good glimpse and a better picture of what it takes. Keep producing more information about this area. 👏🏽
Absolutely! And thank you for the feedback!! More vids coming soon!
One of the things a PMC I worked for did was PHYSEC evaluation. The way Id characterize the difference between pen testing and red teaming (we didn't really call it that) was that pen testing was more academic. The testers would go around and check the individual security measures and give the client a walkthrough report; this is a bad lock, your camera has a blindspot, etc. The red teaming was malicious. We hit live targets and actually tried to 'do damage', like taking stuff, or compromising infrastructure; or simulation thereof.
The social engineering aspect is a good metric. On one target, we were to access some materials. The location they were in, had soft physical security that we could defeat in seconds, but not without getting caught by the Human security during the access. We 'social engineered' the security operation, by overtly attacking the physical elements a couple times, like just unlocking the door and leaving it ajar, on a passby. So, they moved the materials to a harder location, but because it was physically harder, they skimped on the Human security. That gave us about 30 min with the objective, which was bout 20 more than we needed.
Generally speaking, the teams had no contact with the client and in many cases, part of the exercise was timing the client to find out how long it took to discover the compromise and react.
I totally agree with you, the purpose is to help clients improve their security, as well as measuring their timing and reaction against a threat.
As for the terms, I don't have a military background, but Ive heard of a few different names depending the types of engagement and sector in which its discussed, Ive even heard the term "Tiger Teams". In the Infosec & IT field I'm noticing more and more the use of the term "Red Team" for offensive security engagements, and all is performed from behind a computer.
My goal with the video was to keep it simple for those coming new to IT for the first time, and bring a bit of awareness to the table about Social Engineering as well as Physical Security. Also, thank you for sharing your experience!!
Omg! This has to be the best video on explaining Red Team and the difference between the other two roles. I initially thought Red team was Pentest. After you explained Red Team all I could think about was Mr. Robot! Excellent video! No fluff just straight to the point!! Thank you!
Thank you for the feedback! ❤️
Very helpful and thorough explanation, thank you!
Thank you! A perfect, short and clear explanation of the difference between PenTesting, Ethical Hacking and RedTeaming
Thanks for the feedback! 🙌
Thank you for sharing. You've earned another subscriber for sure.
really appreciate, now I don`t have to waste my time anymore on pen testing, I just wanna sit behind my laptop
Hi David! thank you for this video. Very good information :)
Thank you for the feedback! Glad you enjoyed it!
Made it very easy to understand, subscribed!
Awesome, thank you!
best explanation every, can u make a vid about the roadmap of each and what certifications to get. thanks, hope you will do.
Great video David thanks!
Glad you liked it!
Great video.
Well explained.
Bro you’re awesome and simple ❤❤
I appreciate that!
A cantanna? Any useful links to read more on this and build one
Yeah, they are called Cantenna (Can + Antenna). This post is a bit old, but it should provide you with more info: jacobsalmela.com/2013/09/07/wi-fi-cantenna-2-4ghz-how-to-make-a-long-range-wi-fi-antenna/
Great explanation! 👌👌
Glad it helped!
great video! you have earned the sub!
Thanks for the sub! 🙏
Is wifi pineapple or adaptor, hacking devices flipper zero , hackrf are used in penetration testing ?
The Wifi Pineapple is used often, yes. The Flipper, sometimes, not as often. The hackrf, I personally have never used it in an engagement. Now USB implants, such as the rubber ducky or the Key Croc keylogger, I use very often.
How do you get a job? I know someone who got their OSCP and still couldn’t get a job.
Maybe actually study IT or cybersecurity at a university before applying for a job
Thanks 👍❤
Always welcome
Camrahnbay subscribed.
Great
Well thanks you sir ,I follow you 🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉
Red teamer is a apy
🫶🫶🫶🫶🫶
This is great David! I didn’t know you had this channel 🫡
Thanks for the feedback! Yeah, been quietly making videos this past year, and trying to shift gears and make more content.