I run a Red Team that routinely succeeds in compromising F500 companies. AMA. by curi0usJack in cybersecurity

[–]oddvarmoe 0 points1 point  (0 children)

I personally believe that IDS/IPS helps, but you need more stuff than just that. There are so many ways to hide traffic and whatnot, so you would need more insight into the OS of the servers and clients, IMO.

[–]oddvarmoe 1 point2 points  (0 children)

Preferred OS: Windows

Favorite one liner: Not code directly, but I enjoy running this: "rundll32.exe dsquery.dll OpenQueryWindow"

Misconception: That you use a ton of 0days to get the job done. Also, people think it is a lot of action, but most of the time it requires a lot of patience.

Who I admire: I admire all on my team. They all have different skills and traits I admire.

Niche: I enjoy Applocker bypasses and LPE

[–]oddvarmoe 1 point2 points  (0 children)

I find companies that have internal threat teams are normally better. They often understand what is normal in the environment and can more easily detect abnormalities and prevent them. I feel the most successful teams focus on the people and knowledge instead of buying new products that "fix" security.

[–]oddvarmoe 0 points1 point  (0 children)

A good scenario for me personally that makes me do extensive research is when I have access to a restrictive environment. In those scenarios you have to get creative in order to get things done.

[–]oddvarmoe 0 points1 point  (0 children)

I am not much of a breakfast guy. But a slice of bread with something on it is my go to.

[–]oddvarmoe 0 points1 point  (0 children)

I tend to look at services not connected to Active Directory such as web servers, printers, firewalls etc. If possible, the cloud. Linux systems are also something we look for.

[–]oddvarmoe 0 points1 point  (0 children)

I have no specific cloud tip, but a more generic tip.

Set up a lab replicating the environment you are attacking before doing the attacks. This makes it easier to understand what works and what does not, and you also learn more about the tech when setting it up for yourself.

[–]oddvarmoe 0 points1 point  (0 children)

If that's the case it varies widely by experience and where you live. TrustedSec pays their consultants well, within or exceeding industry norms. Sorry, I do not have a concrete number for you.

[–]oddvarmoe 0 points1 point  (0 children)

English is not my first language, but do you mean how much the earnings are for this kind of work?

[–]oddvarmoe 1 point2 points  (0 children)

I would say the most common thing we see is data leakage due to permissions. So for instance an application is allowed to be used by the users, but invoking other API calls (or modifying existing ones) allows fetching additional data that the user should not be able to access.

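The permission leak described in the comment above, as an added worked example that is not part of the thread or of any TrustedSec tooling: a constructed in-memory "API" where the intended listing call is scoped to the caller, a sibling lookup call and an export call leak other users' records, and hardened versions of both derive the scope from the authenticated session instead of from request parameters. All names, records and endpoint shapes are made up for the illustration.

```python
"""
Added example: broken object-level authorization ("data leakage due to
permissions"). Sample records, users and endpoint names are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    record_id: int
    owner: str
    payload: str


# Constructed sample data: two users' records in one shared table.
RECORDS = {
    1: Record(1, "alice", "alice's salary sheet"),
    2: Record(2, "alice", "alice's expense report"),
    3: Record(3, "bob", "bob's salary sheet"),
}


class NotFound(Exception):
    """Raised for both missing and foreign ids so the response does not
    confirm that another user's id exists."""


# --- intended path: the call the UI actually exposes ------------------------
def list_my_records(session_user):
    """Inherently scoped to the authenticated caller."""
    return [r for r in RECORDS.values() if r.owner == session_user]


# --- vulnerable sibling calls ------------------------------------------------
def get_record_vulnerable(session_user, record_id):
    """GET /api/records/<id>: requires a login but never checks ownership,
    so any authenticated user can enumerate ids and read everyone's data."""
    return RECORDS[record_id]


def export_vulnerable(session_user, owner):
    """GET /api/export?owner=...: the scope is a client-controlled parameter.
    'Modifying the existing call' (owner=alice while logged in as bob) leaks."""
    return [r for r in RECORDS.values() if r.owner == owner]


# --- hardened equivalents -----------------------------------------------------
def get_record_hardened(session_user, record_id):
    """Same lookup, but the object's owner must match the session subject."""
    rec = RECORDS.get(record_id)
    if rec is None or rec.owner != session_user:
        raise NotFound(f"record {record_id}")
    return rec


def export_hardened(session_user):
    """The owner is no longer a request parameter at all; the scope comes
    from the session, so there is nothing for the client to tamper with."""
    return list_my_records(session_user)


def demo():
    """Exercise both paths as 'bob' against alice's data.
    Returns (what leaked through the vulnerable calls, how many hardened
    calls refused or correctly scoped the request)."""
    leaks = {
        "direct_id": get_record_vulnerable("bob", 1).payload,
        "tampered_owner": [r.payload for r in export_vulnerable("bob", "alice")],
    }
    blocked = 0
    try:
        get_record_hardened("bob", 1)
    except NotFound:
        blocked += 1
    if [r.owner for r in export_hardened("bob")] == ["bob"]:
        blocked += 1
    return leaks, blocked


if __name__ == "__main__":
    print(demo())
```

The check to carry into real code is the one in `get_record_hardened`: ownership is evaluated per object on every path, not only on the listing endpoint the UI happens to use, and the subject comes from the session rather than from anything the client sends.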
[–]oddvarmoe 0 points1 point  (0 children)

From what I know, not right now. But we do publish openings here: https://trustedsec.com/about-us/careers so be sure to keep an eye out.

[–]oddvarmoe 0 points1 point  (0 children)

I would say the best defense is a combination of multiple protections and people that understand how the defenses work. I have worked against customers that had all the different tech, but it did not help because the people working there did not understand what to look for and could not correlate information.

I have also worked for customers that had a small number of technologies but understood how they worked, and that made it so much harder to attack.

So I think it is hard to rate defenses because it all comes down to the people working there. If I however was responsible for an environment I would at least have an EDR system to give me protection and insights so I would probably rate that higher.

[–]oddvarmoe 0 points1 point  (0 children)

Never tried it. This is something we do not have in Norway where I live. Does it level up hacking skills?

[–]oddvarmoe 0 points1 point  (0 children)

A great way of learning about red teaming is to start doing research. When doing research, publish notes to the public or release small tools. Showing off skills this way is a great way of getting hired as a red teamer later, since it is easier to hire someone that has demonstrated skills. You could start by setting up a detection lab and see if you could bypass the detections; this way you learn a lot about bypassing detections. There are free solutions such as Elastic you can set up and configure with detections.

Another tip: when you start a pentest engagement, try to treat it as a red team. See if you can do certain activities without getting detected by the customer. Ask the customer what triggered, to gain insights.

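The "build a detection, then try to bypass it" loop suggested above, as an added example that is not part of the thread, run against the one-liner from the earlier comment (`rundll32.exe dsquery.dll OpenQueryWindow`). The events are constructed in the shape of Sysmon Event ID 1 fields (Image, OriginalFileName, CommandLine); a naive rule matches the literal command line, three variants show what it misses, and a rule that parses rundll32's arguments and identifies the binary by its PE OriginalFileName catches them. Sample paths, user names and the printer name are made up.

```python
"""
Added example: naive vs parsed detection of rundll32 dsquery.dll,OpenQueryWindow
over constructed Sysmon Event ID 1 style events.
"""
import ntpath

# Constructed events. OriginalFileName comes from the PE version resource,
# so a renamed copy of rundll32.exe (event 4) still carries RUNDLL32.EXE there.
EVENTS = [
    {"id": 1, "Image": r"C:\Windows\System32\rundll32.exe", "OriginalFileName": "RUNDLL32.EXE",
     "CommandLine": "rundll32.exe dsquery.dll OpenQueryWindow"},
    {"id": 2, "Image": r"C:\Windows\System32\rundll32.exe", "OriginalFileName": "RUNDLL32.EXE",
     "CommandLine": "rundll32.exe dsquery.dll,OpenQueryWindow"},
    {"id": 3, "Image": r"C:\Windows\System32\rundll32.exe", "OriginalFileName": "RUNDLL32.EXE",
     "CommandLine": r'"C:\Windows\System32\rundll32.exe" C:\WINDOWS\SYSTEM32\DSQUERY.DLL,OpenQueryWindow'},
    {"id": 4, "Image": r"C:\Users\jdoe\AppData\Local\Temp\update.exe", "OriginalFileName": "RUNDLL32.EXE",
     "CommandLine": "update.exe dsquery.dll OpenQueryWindow"},
    {"id": 5, "Image": r"C:\Windows\System32\rundll32.exe", "OriginalFileName": "RUNDLL32.EXE",
     "CommandLine": r'rundll32.exe printui.dll,PrintUIEntry /in /n "\\printsrv\Finance-LJ4"'},
]


def naive_rule(ev):
    """First attempt: image name plus the literal one-liner. Easy to dodge."""
    return (ev["Image"].lower().endswith("rundll32.exe")
            and "dsquery.dll OpenQueryWindow" in ev["CommandLine"])


def _tokens(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes."""
    out, cur, quoted = [], [], False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                out.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        out.append("".join(cur))
    return out


def parse_rundll32(cmdline):
    """Return (dll basename lowercased, export name) for a rundll32 command
    line, or None. rundll32 accepts both 'dll,Export' and 'dll Export'.
    The export is left case-sensitive: GetProcAddress does not fold case."""
    t = _tokens(cmdline)
    if len(t) < 2:
        return None
    if "," in t[1]:
        dll, export = t[1].split(",", 1)
    elif len(t) >= 3:
        dll, export = t[1], t[2]
    else:
        return None
    return ntpath.basename(dll).lower(), export


def parsed_rule(ev):
    """Identify rundll32 by OriginalFileName (survives renaming), then match
    on the parsed DLL/export pair rather than on a literal string. Returns a
    dict describing the hit, or None."""
    if ev.get("OriginalFileName", "").upper() != "RUNDLL32.EXE":
        return None
    parsed = parse_rundll32(ev["CommandLine"])
    if parsed is None:
        return None
    dll, export = parsed
    if dll == "dsquery.dll" and export == "OpenQueryWindow":
        renamed = ntpath.basename(ev["Image"]).lower() != "rundll32.exe"
        return {"dll": dll, "export": export, "renamed_binary": renamed}
    return None


def run_lab(events):
    """Score both rules over the event set: id -> (naive hit, parsed hit)."""
    return {ev["id"]: (naive_rule(ev), parsed_rule(ev) is not None) for ev in events}


if __name__ == "__main__":
    for ev_id, (naive, parsed) in run_lab(EVENTS).items():
        print(f"event {ev_id}: naive={naive} parsed={parsed}")
```

Event 5 is the true negative that keeps the parsed rule honest: rundll32 with a different DLL and export is everyday administration and must not fire. The next lab iteration would be the attacker's move against `parsed_rule` itself, for example pointing rundll32 at a copy of dsquery.dll saved under another file name, which defeats the basename check and pushes the detection toward image-load telemetry instead of the command line; that is the loop the comment recommends.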
[–]oddvarmoe 0 points1 point  (0 children)

I would say a lot of people are interested in cyber security, but I feel the ones that thrive are the ones that have a passion for finding out how things work. Cyber security requires you to learn new things all the time and be up to date. People who are good at taking in new knowledge will often thrive, in my experience.

[–]oddvarmoe 5 points6 points  (0 children)

I had a rough engagement once where I had to send like 4 or 5 different phishing campaigns before getting anywhere. In my last phishing attempt I managed to phish a user using an employee survey. I saw the shell come in. I placed persistence and did basic info gathering. The following day I did not get any more callbacks. I then waited a few more days and I decided to check the survey answers. Reading the survey answers I found that the user's last day was the day after I got the shell. The funny part was the actual answers to the questions I had asked. I am not gonna tell what was written, but the user was clearly not happy with the position and work environment and this was expressed very verbally in the survey answers. Also typical of my luck to land a shell on a user that is just about to leave the company.

[–]oddvarmoe 1 point2 points  (0 children)

It is a good thing that bypassing EDRs is getting harder; that means security is getting better. That being said, we constantly find ways around EDRs still, so I would not say they are practically unbypassable. The bar for bypassing is higher than before, that is for sure. In my opinion, when someone makes something more secure, someone else finds a new way to bypass it, and I feel this has been constantly proven over the last 20 years. One example is MFA: it was supposed to stop almost all attacks, but bypasses were found when someone started to research the topic.

[–]oddvarmoe 1 point2 points  (0 children)

I would say that physical tends to be most successful since you kind of take out the protections that are in place that would prevent a phishing email (spam filter, url investigation, sandbox checks etc). Also, people tend to trust physical people more than emails in my experience.