Re: Defending during a PenTest
I don't ask our clients to whitelist us. It's just our style, but if they can detect and stop us, we just move on to other vectors. It all depends on what the client is trying to accomplish. Sometimes it's just a web app pentest in a test environment. I guess it depends on your definition. Our style of pentesting and TTPs…
Re: Defending during a PenTest
Lack of detection should be a critical finding. If you detect them, yes, whitelist and allow them to continue. Unless you have the budget for both red teaming AND a pentest, why would you not want to test and validate that your detective controls are working as part of a pentest? What is the ratio of red team engagements vs…
Defending during a PenTest
When you hire an external company to perform a pentest, should your staff be performing defensive measures during it? For instance, if you notice they were able to create an account and elevate it to domain admin, should you be removing it from domain admins during the test? My opinion is no, as it skews the results of the…
Re: Defending during a PenTest
Pentests are overt, scheduled, and part of security auditing. Pentests are used to improve network security by finding (possibly) exploitable vulnerabilities. The Blue Team (i.e., SOC) will be informed of the pentester's activity, and ignore the activity they see from the pentester's source IPs. You do not actually…
Re: Defending during a PenTest
It totally depends on what you are trying to accomplish during a pentest. When we conduct a pentest, we usually will work that out with the client ahead of time. Our preference is to actually ask our clients to employ their normal counter-measures because we test to OWASP and SANS recommendations for defences. Not all…
Re: Defending during a PenTest
We haven't found that to be effective. Because once we gain a foothold, our targets typically can't tell it's us. To be honest, it really depends on the scope of the engagement - a lot of pen testing scopes these days are routine to the point of being useless. The routine testing still serves a purpose, but if that's all an…