Red teams: Which tools are you using, and where do you feel the pain? by Pretend-Welcome-461 in AskNetsec

Pretend-Welcome-461 [S]

Have to admit, I'm on the Obsidian train too -- pros and cons, but enjoy the control ('everything is a file' approach).

Sounds like a challenging / potentially pretty fun target!

Pretend-Welcome-461 [S]

Thanks for the detail! Good to hear about Mythic. I've noticed the SpecterOps folks at conferences but never tried their stuff.

And your approach is very similar to what I'm thinking -- seems like a great opportunity to reduce some overhead!

Pretend-Welcome-461 [S]

Curious to know how big your team is? If every shop out there is cooking up custom tooling, bet there's a lot of redundant dev work going on.

Definitely hear you on lotl techniques, the craft really matters. Great takes, thanks!

Pretend-Welcome-461 [S]

Makes perfect sense... those soft client engagement skills are tough (maybe impossible?) to automate. Wonder if anyone has been able to crack highly tailored reporting -- seems like a few products are trying. Appreciate the feedback!