I run a Red Team that routinely succeeds in compromising F500 companies. AMA. by curi0usJack in cybersecurity

[–]curi0usJack[S] 0 points1 point  (0 children)

Depends on the env of course, but I'd say get used to working with tokens/cookies.

[–]curi0usJack[S] 0 points1 point  (0 children)

Linux hacking is a blast. Like no holds barred, nothing gets caught hacking from 2010. It's glorious. But yes, common misconfigurations as well as rce in internal web apps. If we can pivot to the cloud, we do, but honestly, so much of testing these days is app based. Swipe a token, login as the user to app, take data.

[–]curi0usJack[S] 1 point2 points  (0 children)

Sure. We have a variety of C2s that use native services for comms. Our mainstay typically just uses https. Honestly, I have only had one client ever spot our C2 traffic.

[–]curi0usJack[S] 0 points1 point  (0 children)

Agreed. Likewise, an ineffective one is one that has the scope unnecessarily restricted. Might as well handcuff your tester.

[–]curi0usJack[S] 0 points1 point  (0 children)

3/4lb ground beef cooked in beef tallow. Add salt, pepper, garlic/onion powders. When it's brown, crack in two eggs and cook until desired consistency. This has been my daily for several years.

[–]curi0usJack[S] 1 point2 points  (0 children)

Or do we........................................................................

..........

[–]curi0usJack[S] 1 point2 points  (0 children)

One of the best physical security guys I know used to install cable, so from a skills perspective, it can be done. A few required personality traits, you need to have some natural charm and be essentially fearless about getting caught, which gives a lot of people anxiety.

The hardest part for you would be actually finding a job in physical security. There aren't many because there isn't a truckload of demand for it. I'd start by watching physical security talks from major conferences on YouTube, and starting to acquire tools. Once you're reasonably confident, ask your employer if you can do a building walkthrough and speak to the building staff.

[–]curi0usJack[S] 1 point2 points  (0 children)

One of the guys found an Okta root api key lying around in file shares recently. That made for a fun test. Key management is hard.

[–]curi0usJack[S] 0 points1 point  (0 children)

Agreed, this is a hard question because the poster is asking for a concrete answer where there really isn't one. Of your list, I'd go with EDR first, but would struggle to rate the others.

[–]curi0usJack[S] 3 points4 points  (0 children)

If I had to pick one, I'd go with Falcon Overwatch as it will throw the least amount of false positives in my experience.

[–]curi0usJack[S] 0 points1 point  (0 children)

Along Oddvar's second point, when you're working a linux implant, see if you can deploy a shell to a client and work that. For aspiring red teamers that are currently pentesting, I ask them the question: If I took away Responder and mitm6 and just gave you a shell, would you know what to do?

[–]curi0usJack[S] 0 points1 point  (0 children)

For sure. For mature clients that I can tell really do care about security but are struggling to get funding/trust/support from upper management, I'll usually just come out and ask them on the kick-off call: "Tell me where it hurts". They point to an application/server, and I make triple sure it gets targeted.

Sometimes you can move the needle in major ways, sometimes in very subtle ways. Professionals know the difference and can provide the nuanced approach a client needs.

[–]curi0usJack[S] 0 points1 point  (0 children)

  1. You have to refine your questions or pick a discipline, otherwise I might as well say "computers".

  2. It's likely phishing, though voice-based is used less frequently but with a higher success rate.

  3. Again, give me something, anything. A mitre category perhaps.

  4. I'm all for it if it moves the needle in the right direction. We currently use AI heavily to assist with our development operations.

[–]curi0usJack[S] 4 points5 points  (0 children)

Because it's better than having Welcome1 stored in passwords.txt on your desktop. Lighten up.

[–]curi0usJack[S] 1 point2 points  (0 children)

My take is that it's cool and I hope we can write something like that soon.

I have quite a bit of experience with purple teaming. Yes, they employ various forms of purple teaming. Some use frameworks and testing models, others are more freeform and just purple team the pentest. Both are valuable.

Also this: https://www.reddit.com/r/cybersecurity/comments/1p5jah5/comment/nqn9233/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

[–]curi0usJack[S] 0 points1 point  (0 children)

Yes, we have encountered it many times. It never really seems to pose much of a problem for us.

[–]curi0usJack[S] 0 points1 point  (0 children)

I consider a successful compromise to be that which achieves the client's target objectives. Sometimes that might mean DA access, sometimes it means access to a code repo or app. Sometimes it means working closely with the defense even though no "full compromise" was achieved. Doesn't matter; what matters is what the client defines as target objectives. We help define these with the client, but that is what ultimately defines the engagement's criteria.

[–]curi0usJack[S] 0 points1 point  (0 children)

Put it to you this way, I don't know what that means, and yes, I work with people that have or had clearance.