Penetration Testing mailing list archives

Re: Blue Team ROE

From: Pete Herzog <lists () isecom org>
Date: Wed, 14 Mar 2007 14:43:39 +0100

I need to second what Anna says. If they are shopping for a Blue Team testthen why are you coming at them with Pen Test procedures? For a Blue Teamtest, take a note from the OSSTMM, document what you don't do as much aswhat you do like in its Security Testing Audit Report. And you don't needto crawl through all the holes to identify them, define protection andcontrols for them, and look to see who maybe was there before you. That'sa Blue Team test and it can be a very thorough audit. What it won't be isa pen test.


-pete.

Angelacci, Anna M CTR SPAWAR, J616 wrote:

Plan
Prepare  letter of consent, and letter of instruction. Blue teams do not
penn test, Red teams do. Blue teams detect, protect, react, and recover.
With your current methodology, you could lose your work.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of mesenbrink () hotmail com
Sent: Thursday, March 01, 2007 2:45 PM
To: pen-test () securityfocus com
Subject: Blue Team ROE

List,

I wanted to send out a general email asking the members of this list
their professional opinions on being limited during a Blue Team
pen-test.  I have a govt customer that is trying deny us the ability to
remove password hashes/files from the system for cracking, write
procedures for every tool/exploit that could be possibly executed, not
allow the loading of any tools/exploits on target systems, things like
that.....  Of course my reaction is that my company will not perform the
assessment with such restrictions, what are some thoughts from this list
on this subject?


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Current thread:

Blue Team ROE mesenbrink (Mar 04)
- RE: Blue Team ROE Dexter, Ben (Mar 05)
  - RE: Blue Team ROE McCarty, Eric C. (Mar 05)
- RE: Blue Team ROE Dave Sanford (Mar 05)
- RE: Blue Team ROE Angelacci, Anna M CTR SPAWAR, J616 (Mar 13)
  - Re: Blue Team ROE Pete Herzog (Mar 14)
  - RE: Blue Team ROE Tim Singletary (Mar 14)
- <Possible follow-ups>
- RE: Blue Team ROE krymson (Mar 06)
  - RE: Blue Team ROE Dave Sanford (Mar 09)
- Re: Blue Team ROE zenmasterbob123 (Mar 14)