Philosophy

The Benefits of Internal Red Teaming

In response to a Twitter thread regarding if companies budget for 100s of hours consulting fees in prolonged engagements, MG said the following:

One advantage of internal red teaming is that the $/hr isn't a focus. Rather, it becomes about lining up outcomes and value to a specific target, which is also hard to argue for without the more intimate internal relationships.

Most companies aren't ready for this kind of thing like most aren't ready for having an 0day used during an operation. If you can't fend off the techniques being successfully run against tons of other companies, it's inappropriate to throw your money at fighting several classes above your weight.

Initial Access

Per Justin Elze, not many classes exist that are represnetative of 6-12 week red team engagements. Recon both pre and post exploitation is limited with AD being "run bloodhound in dc only", Linux, more complicated phishing, and avoiding being burned to the ground by IR.

The hardest thing these days is initial access with clients who actually learn and improve from red teaming. Most places are trying to test orgnic detection and response by not telling anyone in defense besides some managers or directors.