Penetration Testing mailing list archives
RE: Blue Team ROE
From: "Tim Singletary" <tim () active-defense com>
Date: Wed, 14 Mar 2007 10:07:53 -0500
First off, I agree blue teams do not pen test, red teams do. In just about all pentesting, even if there are no defined restrictions (which most cases would be), there will be some common things you do not do with customer information. One is drag password hashes across an ISP that either the customer is not comfortable with or you have no control over. With the fact that this is a govt customer I could understand some of the reluctance. This is what is called risk management, without constraining the ability of the red team to work outside the box. Sounds to me like both parties need to sit back down at the "scope table" to define what the goal here really is. Timothy Singletary CISM, CISSP, CEI, CEH, Security+,CTT+, MCP -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Angelacci, Anna M CTR SPAWAR, J616 Sent: Monday, March 12, 2007 9:24 AM To: mesenbrink () hotmail com; pen-test () securityfocus com Subject: RE: Blue Team ROE Plan Prepare letter of consent, and letter of instruction. Blue teams do not penn test, Red teams do. Blue teams detect, protect, react, and recover. With your current methodology, you could lose your work. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of mesenbrink () hotmail com Sent: Thursday, March 01, 2007 2:45 PM To: pen-test () securityfocus com Subject: Blue Team ROE List, I wanted to send out a general email asking the members of this list their professional opinions on being limited during a Blue Team pen-test. I have a govt customer that is trying deny us the ability to remove password hashes/files from the system for cracking, write procedures for every tool/exploit that could be possibly executed, not allow the loading of any tools/exploits on target systems, things like that..... Of course my reaction is that my company will not perform the assessment with such restrictions, what are some thoughts from this list on this subject? ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016 00000008bOW ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------ -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 268.18.11/721 - Release Date: 3/13/2007 4:51 PM -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 268.18.11/721 - Release Date: 3/13/2007 4:51 PM ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Blue Team ROE mesenbrink (Mar 04)
- RE: Blue Team ROE Dexter, Ben (Mar 05)
- RE: Blue Team ROE McCarty, Eric C. (Mar 05)
- RE: Blue Team ROE Dave Sanford (Mar 05)
- RE: Blue Team ROE Angelacci, Anna M CTR SPAWAR, J616 (Mar 13)
- Re: Blue Team ROE Pete Herzog (Mar 14)
- RE: Blue Team ROE Tim Singletary (Mar 14)
- <Possible follow-ups>
- RE: Blue Team ROE krymson (Mar 06)
- RE: Blue Team ROE Dave Sanford (Mar 09)
- Re: Blue Team ROE zenmasterbob123 (Mar 14)
- RE: Blue Team ROE Dexter, Ben (Mar 05)