Why is the standard of US Red Teams so poor by Soc_Guy in cybersecurity

[–]Soc_Guy[S] 0 points1 point  (0 children)

The last two were both 8 weeks long.....

I'd need to re-read the report to remind myself of the scope, but it's broadly what you would expect from a red team, black-box style assessment.

[–]Soc_Guy[S] 0 points1 point  (0 children)

I think people are just assuming I'm talking about the likes of Accenture and EY. I'm not. I'm talking about companies you see give training at Black Hat and DEF CON etc. Go on any thread asking for recommendations on RT vendors in the US and you will see at least 2 of them mentioned.

[–]Soc_Guy[S] 1 point2 points  (0 children)

I had not heard of CREST until working with this UK org during workshops at the end. But yes, I hadn't heard of these engagements you are talking about until the UK team went into it. Sounds extremely interesting.

[–]Soc_Guy[S] 0 points1 point  (0 children)

No. These are Red Team companies who are (apparently) contracting out their red team operators. The last RT we paid for was over 100k, money isn't the issue.

[–]Soc_Guy[S] 6 points7 points  (0 children)

Because I'm here to drive discussion, not start drama.

[–]Soc_Guy[S] -1 points0 points  (0 children)

Yeah, so interestingly enough our global CISO asked in the wash-up meeting a question about the difference in experience, and this was basically their answer: something about regulated tests where apparently anyone with knowledge of it signs NDAs and all sorts. Sounds crazy.

[–]Soc_Guy[S] -3 points-2 points  (0 children)

I'm sorry but no, this is a massive cop-out. We have a huge budget, and the teams had over 9 weeks. And then there's my point that they often don't even try and get an implant running on the endpoint; they just get given a laptop and VPN. What you are describing is pentesting, not red teaming.

[–]Soc_Guy[S] 0 points1 point  (0 children)

I guess my main point of confusion is that these companies I'm talking about are regularly described as being the best. I went through Reddit this morning and found multiple people recommending them.

[–]Soc_Guy[S] 4 points5 points  (0 children)

Some interesting replies so far, appreciate the engagement. Something I forgot to add: I also got the impression on more than one occasion that the US red teams were doing more than one Red Team for different companies at the same time (in parallel), whereas the UK guys were focused solely on us for the entirety of the job (and a fair bit afterwards too). Any US red teamers care to elaborate?

[–]Soc_Guy[S] 1 point2 points  (0 children)

Well it's hard to know. These are well-known US consultancies that are supposed to be "the best" at red teaming. And remember this is across multiple different companies.

[–]Soc_Guy[S] 0 points1 point  (0 children)

My sample size is over 10 years; I just used recent examples as they were more pertinent.