
Yeah, then I'll introduce him. Yeah, so Christian is an offensive security manager at TELUS, one of the... okay, he is an offensive security manager at TELUS, and, um, he has been involved in cyber security in various roles for the last, um, 10 years plus, overlapping with a career in software development that started in 1997. It's quite a long period, actually. Yeah, so, um, he started at TELUS as a contractor performing penetration testing and, um, security assessment, then after two years he joined them full time. Yeah, so, um, while going through this I was like, oh, this is going to be a good session, and I believe so. I am confident with the, with
the history or the record. I went further a little bit to do some more research about him and, um, I must say I'm impressed, and, um, it's my pleasure to welcome you, and, um, please join me, or let's welcome him in, for today's talk. Thank you.

Thank you, thank you for the kind words. Hello, Edmonton! So good to be home. This is like going to church: everybody just sits at the back and leaves the front seats empty. If you want to move to the front, feel free to rearrange, you know, let's get, uh, get cozy in here. And it's so good to talk here in Edmonton. I have traveled a fair bit in the last, I don't know how long, four, five years,
3, 4 years, telling my stories about the industry, sharing experiences, sharing failures, which is sometimes more important than sharing, uh, our experience, so you go make your own mistakes, don't make the same mistakes I made. So it's always good to share those. But it has been such a long time that I don't have one of these sessions here in Edmonton, and one thing that blew my mind right away is how many people I know here. It's so good to see so many familiar faces: people that used to work with me at TELUS, people that used to work with me, you know me for a while. You know, I worked at Concordia for many years, been
teaching there for many years. I understand they're one of the biggest sponsors here today. Who here is associated with Concordia in any way: student, staff, professors, former students? Okay, well, I guess they're probably watching other sessions. But anyway, pleasure to be here. My name is Christian Cordo, I work for TELUS, and I manage the offensive security department. But don't worry, I'm not going to be offensive here today. I've been practicing for a while. If I start being offensive, just let me know and I'll tone it down a notch. But what we do there is offensive security, which means we are not really preventing things; we are trying to replicate criminal behavior in a non-destructive
fashion, so trying to find the breach, exploit the things, and find the vulnerabilities and where we can go from there before an actual criminal does it. So that's what we do there, and I've been in that. I used to be one of the penetration testers, which was a lot of fun, and in addition to the story that I'm telling today I prepared some bits and pieces of a couple of funny moments that happened during those years. And I have a larger story today about how a red team exercise, uh, was able to gain full control of a customer network during the execution of that engagement. It was a long engagement, and that's typically the nature of red team
engagements, and eventually we were able to obtain full access, and the client had no idea. They never got any alerts; they really had no idea. And that's the scary part, because this was a customer that, on paper, was doing everything right. So say you're an auditor. Do we have any auditors here? Show of hands? No? We got a couple here. So if you walk into that customer and you're like, "Okay, let me see your process, let me talk to your people," you do your interviews, you look at the reports, everything checks out. They had been doing penetration testing for the last few years, they had, uh, they had their compliance in place, they
had their security awareness programs in place, they had an EDR installed (obviously misconfigured, but they had one in there), they had a SIEM (also obviously misconfigured, but it was there). On paper, thumbs up, it was good. And we still got in and they had no idea. But I'll get there. I promised myself I'll keep spoilers to a minimum here, so let me stay on track. Before I start talking about that story, I want to talk a little bit more about what we do at TELUS in terms of security, because when you talk TELUS, most people are not really fully aware of the breadth of our professional services. Who here knew that TELUS had
any kind of cyber security practice? We're getting better, more people know than before. Uh, there are a couple here that don't count because they are part of the team, so they already knew; they're, uh, undercover here on the presentation. But that's really good news. But yes, we're not just your dad's phone company, we do the cool stuff here too. So we are part of a larger group of professional services, so we perform all of those services like PCI compliance, GRC, uh, and all the frameworks out there: NIST, uh, the 18, CIS 18, um, ISO, all of those. If you need an incident response retainer, we have that too. Do you want to do tabletop
exercises? Yep, happy to help. And we have my team, the offensive security practice, doing all of those services on the, uh, on the offensive side as opposed to the defensive side. Uh, I manage the team nationally, so I'm happy to have a great base team here in Edmonton, I have people in Toronto, in Quebec. In fact, we have recently acquired a cyber security company out of, uh, Quebec called Vumetric, uh, a specialized penetration testing company. They bring a lot of expertise in some specific areas of penetration testing, very good and very sophisticated technology that they developed in-house that is now part of the TELUS group, and we are now integrating that big family. So it's a
big team, big team, and because we have an even bigger TELUS badge behind our backs, we're always invited to participate in those very high-profile, um, security engagements. I remember one time we were performing a penetration test in, um, it was the air transportation field, and we were testing avionic systems, and it was so high profile that we could not go to the bathroom unescorted, because we were following national security guidelines. That's the caliber of, uh, some of the projects we're involved in because of all the connections we have. But we also have our smaller customers and our communities and all that, which is a big portion and a big part of TELUS and one of our TELUS core values:
our customers and communities first. Now, the services that we perform here with offensive security, and I'm not going to exhaust all of them because we don't have time for that, or interest, but the ones that I want to emphasize here today are penetration testing, and I want to talk a little bit about the differences between penetration testing and red team simulation, because I have noticed in the industry, especially among salespeople, people using those terms interchangeably. They are not interchangeable. They're very different; they have different meanings. On a penetration test, you come to me and, "Hey Christian, I need a penetration test, uh, it's for compliance, or it's for my insurance, or we just deployed a new system, we need
to test this system, these IP addresses, and the engagement is going to happen between October 4th and October 10th. This is my network admin, let him know when you're starting, let him know when you're ending." That's the penetration test. And then at the end of the engagement you get your report for compliance and all that. On a red team exercise, uh, it's not like that at all. In fact, you tell me almost nothing. We are really trying to replicate criminal behavior there without getting caught, so at the end we can teach you how we did it, so we can fix it and prevent it from that point, uh, forward. There is an overlapping
methodology and resources. If you get, uh, a penetration tester, or a more seasoned penetration tester, they very likely get into a red team exercise and are very successful there. If you're just starting your journey in, uh, in offensive security, chances are you're going to start with vulnerability assessments, and then getting more knowledge and getting more tools in your toolbox and doing the penetration tests, and then internal engagements, then eventually you get to the red team. Because the key thing for a red team simulation: you got to be quiet, got to be a ghost. Because, well, first, criminals, they're not using Qualys, they're not using Nessus, they don't have a Rapid7 subscription. They are most of the time
creating their own tools, so you don't get to use those either. You need to either create your own tools or use open source tools so you don't get caught, right? Social engineering, that's also something that we do a lot there. Well, we're the phone company, so one of the main things we do on a red team engagement is voice solicitation, also known as vishing. Who here is familiar with, uh, the term social engineering? Excellent. For those of you who are not, social engineering is the art of hacking people, and it's a phenomenal skill to have. I may have used that in my, you know, getting into concerts and other events, uh, but I digress. Uh,
let's keep that just between us. But when you are a social engineer you develop certain techniques to be more, um, develop your confidence and being able to persuade people a lot more so you can get what you want, and that could be passwords, that could be credit card numbers, that could be whatever the target of the engagement is. And we have an excellent team of, uh, of social engineers. It got better when I left the team. I was one of the people making the calls, and now we have much better people making those calls. We have one guy there making, uh, vishing calls, he's so good that one time, because it's obviously all lies,
right, it's basically a legal phone scam that you are running to try to get access to sensitive information. This guy's so good that, uh, he called, and the target was a developer, like a software developer, technical guy. So he starts running the script, and it was about some patching being missing, but there was a bit of a glitch in the script, and because it was a technical guy, he caught the glitch. He called my guy on it, like, "Hey, so there's something wrong with, uh, how come..." I, I remember the details, it's been a while, but he got caught in the lie. He was still able to turn it around and got the
developer's password. And I'm like, "Dude, you know he was lying, why did you do that?" So it happens, it happens. But so that's social engineering. When you look at a red team simulation, that's in a way the pinnacle of the security test, because you're using all of those things and you cannot get caught. Okay, keep that in mind for the rest of the story.
A few years back, when I was still one of the penetration testers on the team, I had been involved in, uh, quite a few engagements, and some of them were quite the predicament. There is one that, and I realize they are in a reverse order here, I should have the security crew, uh, to this side, because I'm going to talk about that one first. That was interesting because I'm here in Edmonton and my team was doing a red team engagement on this customer, and they call me: "Hey, we need to check their Wi-Fi, but the Wi-Fi target happens to be in Edmonton. Do you know this place?" So I look at the address,
like, "Yep, I know that place, I know the building." Like, "All right, so you just need to go there. You can access the Wi-Fi from the parking lot and run these tests." We wanted to basically do the Wi-Fi pen test, see, okay, are we using any default passwords in here, are you using, uh, do you have any, like, insufficient ciphers still enabled, anything that should not be allowed in your Wi-Fi, is it allowed? So it was pretty straightforward. So like, all right, let's go. It's around 7 to 8:00 p.m., and this is mid-COVID, by the way. So I get in my car, get my computer, get my TELUS badge (this is an important part of the
story). I get my TELUS badge, put it right beside my seat here with my computer, and I drive to the building. I grab my computer: okay, can I see the Wi-Fi? No, it was too far, the Wi-Fi signal was not strong enough. Correct, guess I need to get in. But again, 7 to 8:00 p.m., mid-COVID, nothing was, uh, really easily accessible, especially after business hours. So I drive around the building a little bit and I get behind the building. What do I see there? Well, you know, the back door. It was propped open with a big garbage bag, like this. Cleaning crew. Like, let's go, that's my in, that's how I get in there. So I get
too excited, that's the problem. I get too excited, grab my computer, do not grab my TELUS badge, forget about it, and walk into the building wearing, like, a baseball hat, mask, because again, COVID. So super sketchy, and my computer, 7, 8 p.m. So I walk in there. Let's pretend this is the door here, so the parking lot's over there. I walk in here with my laptop and I'm like, okay, so I open it, I have my team with an earpiece here, like, "Okay, I can see the Wi-Fi now, I just need to find a place." So I find a little corner, kind of like this one here, and I get in here, I kind of get down
like this a little bit, and like, okay, I can do all the tests from here. And I'm doing it, and I find the Wi-Fi, and I'm taking screenshots and sending upstream, minding my own business. Then something happened. My peripheral vision starts seeing something happening here. As I turn, about the distance from here to the podium right there, maybe a little further, maybe about this far, a person wearing the traditional, uh, janitorial uniform, all blue, with a mask and a hat. Couldn't tell male, female, couldn't tell, it was just a person, cleaning crew, there. Looks at me, I look at the person, we make eye contact. I'm sweating at that point. Person says nothing. Like, please leave.
Person leaves. I'm like, okay, we're good. I keep doing it, and then again, about right there, but this time there's a noise, radio chatter. When I look, the same person right there, security guard talking on the radio, cleaning person pointing at me, and I'm like, okay, I got to go, fast. I didn't want to spend the night in the drunk tank that night. So I closed my laptop, I tell my guys, "I gotta go." They're like, "What?" "I gotta go." Close everything, run to my car, uh, and drive as fast as I could from there without, of course, getting into any kind of, uh, traffic trouble. About 10 minutes driving away from there, stop, adrenaline is like right here, stop, call
back my team. They're like, "What happened?" So I tell them the story. They're like, "Dude, that's exciting." It's like, yeah, it's exciting now because I did not get caught. Because at this point it's about 8:00. Have you tried talking to a law... a corporate lawyer at 8:00 p.m.? It's not happening. He's busy. He's going to answer your call maybe in the morning if you're lucky. So I spent the night in my bed and it was glorious. So now I have this great story to tell you, but the engagement is not over, because now I need to go back there and see if they tracked my license plate. I knew they didn't catch my
face because COVID, so, uh, got my mask and all covered, but whatever. I go there, walk in, now I get into the office, this is like 2 p.m. kind of thing, place is open for business. I get in there, walk around, take my hat off, open my mask a little bit, kind of do the old, you know, look around, make sure people see me, put this back on. Nothing. Nothing happened. Nobody came to talk to me, nobody came to ask, "Hey, were you last night... we got your license plate here." Zero, absolutely not. So that is all part of the test, so that all went in the report, and that is a finding in itself, because an institution
of that caliber should have realized, hey, there was a suspicious person here last night with a computer who ran away as soon as we got security, and then next day I'm there and nothing. So that was pretty exciting. Uh, the next one that I wanted to share here with you guys is the fake names episode. This one is a little more recent. So I'm working with this company, and I'm no longer a pentester at this point; at this point I'm managing the team, and I have a team of contractors working with me. And after you work as a contractor with us for a little bit, we have, uh, we create TELUS emails for
you, those kinds of things, so you need to go through security checks and all that, standard process, police checks, all that stuff. So when I ask that of the contractors, they're like, "Oh, there's just one problem here." These are people I'm working with for like 6 months now. They're like, "Oh, there's just a problem here." "What do you mean?" "Yeah, well, our names, they're not actually our names." And I'm like, "What do you mean?" "Well, when we work for this company here, we all have fake names." "What do you mean you have fake names?" Like, yeah, let's say this guy's name was Jordan, he's like, "My name is not Jordan, my name is like
Robert or whatever." Like, "What, are you joking right now?" They go like, "No, everybody's name is fake here except the project manager." Like, dude, what's happening here? It's like the Twilight Zone. And so I go to the project manager and I'm like, "Dude, Whiskey Tango Foxtrot here, what's happening?" And he goes like, "What do you mean, fake names?" He also didn't know that people he had been working with for like two years were using fake names. Goes back to his, uh, C... CEO, CIO, I don't know how many C-suite people he talked to. They use their real names now, we got the security checks, everything ended well, but I thought it was pretty funny. So if
you're starting your journey in cyber security, those are some things you might run into here and there. Now, talking about red team process, there are, like, many things, there are several ways to skin this cat here, and for our process for red team simulation we had a few concerns in mind. When you are hiring something of this caliber, sometimes you have lots of time but you don't have money; sometimes you have lots of money but you don't have time; sometimes you have both time and money (I heard that happens, I never saw it myself, but I heard it happens) but you don't have people to fix, to deploy mitigations and all that. So it
had to be something modular that you could work like Lego blocks to build your solution. So generally speaking this can go between, I don't know, 2 to 3 months to 10 to 12 months depending on the size of your organization and your GES. So phase one, that's our information gathering, an external and internal assessment. So on a red team, remember, we're replicating criminal behavior here, we're being sneaky, we're being ghosts, so you tell me nothing. You just come to me: "Christian, I work for Acme Limited and I need you to red team us and let us know what happens." Uh, we plan things around. You don't tell anyone on your side. Uh, normally it's
just you and maybe one or more people knowing. The idea is that nobody knows, right, because that's how criminals work. We can define some rules of engagement. So for example, let's say you tell me, "You can do whatever you want, but don't touch our financial systems," because maybe it's PCI compliance, maybe you have a segregated CDE, those things. So you can define what's out of bounds: okay, so this is off limits, don't touch there. Uh, social engineering, for example: let's say your human resources has strict policies against certain topics for certain pretexts for vishing or for phishing emails. For example, you get to tell me, in your phishing emails you're not allowed to send LinkedIn invites, or
you're not allowed to send, uh, Amazon gift cards, for example. Whatever your rules are, your off-bounds, like, "can do that," you tell me at that time. Like, okay, got it. We got all that in place in writing, and got the good old John Hancock there, and we get started. So phase one. Well, it's pretty safe to say that, uh, us in cyber security here, we're professional stalkers, right? If there's something we want to find out, you know, we will find out, and that's what we do on phase one. Not only do we use the common-knowledge tools like Google and other search engines, we have specialized tools that we use to gather
information and all that. LinkedIn is one of our best friends there, because through LinkedIn we can figure out who works where, who's friends with who, which school you went to, where did you work for your previous job, all that stuff, so I can build a rapport with you, right? Uh, so we do a lot of that and many other things. So we do all of that information gathering on phase one. Once we gather all that, we plan the attack and we execute on phase two. Provided those two are successful, we move on to phase three, which is purple team. If you're not familiar with all those colors, red team, purple team, and blue
team, that's borrowed from military, uh, nomenclature. Red team is the attacking team, blue team is the defending team, and purple team is when there's an attacking side collaborating with a defending side; it's the purple team. So if you're buying a red team engagement, the actual value is on phase three, which is where we share with your team what we learned, how we broke in, where we were able to exploit, where your holes are, where your gaps are, and teach you how to fix it, how to prevent, if you catch anyone there how you kick them out, all those things. So that's where the value is. And phase four is what we call war games, and I realize it's a little
Hollywood, but it keeps things exciting. That's the retest. So for example, let's say on phases one and two we use a certain methodology to deploy the attack; we're going to do it again with a different methodology. So for example, if we used vishing, voice solicitation, to gain access on phases one and two, on war games we're going to do something else, like USB dropping, for example. Show of hands, who's familiar with USB dropping here? Do you know what that is? Okay, most of you know. So just quickly, if you don't know what that is: we quickly set up a bunch of USB drives, just go on Amazon, buy a bunch, set them up with some custom malware that you
created, normally to obtain a connection, to connect with your systems. Put a label, so let's say I'm doing at bid, I'll put a bid logo on it, and I'll go to the coffee station and drop it there. Put a label on it, something that will pique your curiosity, like "layoffs 2024" or "bonus 2024," "new security manager 2024," or if it's, let's say, March and it's urgent, "layoffs March 2024." You find the thumb drive, what do you want to do with it? Well, am I on that list? No, there is no list. Well, you don't know that. So you put it in your computer, that calls back to my buddy in the parking lot, and now we have a
connection between both of those computers. So there are many different ways to do that. On phase four we do something different than what we did on phases one and two. Now, we have not been doing as many war games as we would like to, for various reasons. Maybe that will change in the future, but that's the intent. So a few months ago this customer comes to me and, "Hey Christian, so I want to do a pen test with you guys." I'm like, "Oh, do you?" He was like, "Yeah." "All right, well, is it your first pen test?" He was like, "No, we've been doing pen tests for five years, we do it
every year." Like, "Okay, all right, and do you do security awareness and all that?" And I ask all those typical questions, do you have this, do you have that. The answer was always yes. So like, "Okay, suppose I can do another pen test for you, but you're going to get similar results to what you had the last five years, because it's going to be just more of the same. Why don't we try something different?" He goes like, "Well, I'm pretty sure I'm doing everything there is to be done." Like, "No, have you done a red team simulation here?" "What's that?" Like, "Oh, glad you asked." So I explain to him all of that that I just explained before, the phases, the
methodologies and all that. He goes like, "Oh, that's interesting, how long does it take?" So we have that conversation and we get started. So we get to the job. Only one point of contact, uh, at that customer firm, and that point of contact was not a technical person. You know those firms where the person that runs IT is not the CIO, sometimes the CFO, sometimes it's some kind of other director? This was one of those firms. The person who was responsible for IT and technology was not the head of IT, it was someone on the financial side, so their technical knowledge was fairly limited. He just knew he didn't want to
end up in the news. Like, all right, fair enough. High cyber security maturity, as I mentioned, and their primary goal was to obtain domain privilege escalation or access to business critical information. Um, the nature of that company included possessing lots of those, so it was a pretty big deal for them to make sure none of that was, uh, exfiltrated or anything like that. And as a secondary goal, transfer all that knowledge to their team. All right, so we got it all signed up, got it all on paper, let's go. So we start phase one: go on LinkedIn, go on their websites, we start going through their, uh, all the domains they had, all the IP addresses we
could find that belong to them, and we start documenting everything, taking screenshots and all that. And then it started getting interesting, because we found that there were a bunch of domain names that they forgot to renew in the last, I don't know how many, three, four, five years, and they were just there. Legal names, like real names, domains that already belonged to them, so they already had a reputation established on registries and such; they just forgot to renew. So let's say, uh, instead of nate.com or n.ca or anything like that, they were domains such as, I don't know, nate.PP or besides.NN, like something generic but those, like, less known, um, domains.
Like, okay, well, just in case, let's register a couple of those for us. So we did that. So all right, now we have a domain with the exact name of the customer, but it wasn or mm or two letters that was fairly inconspicuous. We got that, and then as we keep creeping on, finding stuff, we found there was an actual clone website of an actual attack that we're hoping was about to take place or had already taken place. It was there. So we asked them, they're like, "We have no idea where this is from." Like, okay, well, someone's trying to hit you, but we're here. So we find that, and then we're like, all right,
let's make a clone website, put it on that domain, and let's create our own malware here, and it's going to be a Windows update; that's going to be our pretext. So we do all that, we prepare everything. Now at this point we have some people doing that technical research, creating the malware, setting up the website, setting up the new domain. Meanwhile we have another group of people doing the social engineering phase, so they're calling them and finding the names of people and email addresses. So okay, now we have everything we need, let's start the attack. So we do that, and the customer has no idea what's happening; we haven't told anyone yet. So we find out all the
domain names, we configured everything, let's go. So we start calling them. We call the first one: "Oh hi, so-and-so, uh, this is Carl from help desk" (we're all Carl there, by the way, that's the name we use for our social engineering). "This is Carl. Please bear with me here, I'm new here, but just trying to, uh... we deployed a security update last night and, uh, your computer didn't get the update, so I just want to make sure you're secure here." And so that was our story. First person we talked to, they called us some names, hung up on us. That's good. Could do without all the name calling, but still, that's okay, I'll take that, that's
good. And we called a second person, a third person. That started getting interesting. We call a person, she answers the phone, we tell the story, she goes like, "Oh, okay, well, let's make sure. Um, what do I need to do?" "So, well, let's check if you have the update." She checks if there's the update, you can hear the keyboard. There was no update, of course, we just made it up. She was okay. Like, "Okay, well, we have a website here, just get to the website," give her the fake URL. She gets in there, it's the name of the company, download the update and install. Guessing there, clicks install. Windows security alert. That's the part we were not sure what was going to
happen, because there you're going to click, and if she clicks, what kind of permission is, uh, configured on those workstations? Is it going to allow me to execute the binary? Is it going to allow me to install? Is it going to reject? What's going to happen here? So we're like this, okay, let's go, let's go, let's see what happens. And she goes, "There's a security alert here, what do I do?" "Just click accept, it's okay." She's like, "All right." Click. It gets worse. She clicks accept, the thing stalls. "All right, well, nothing happened here." But it did, because we got the connection back on our lab. We're like, "Okay, I can see now that you
got your security patch here, we're good to go, thank you very much." And then she goes, "You know what, as I'm talking to you here I just realized one thing. My colleague sitting beside me, she also didn't get the security update last night." And I'm like, no, well, not me, was not me making their couple. We're like, "Oh, okay." She goes like, "But it's okay, I'm going to walk her through the process here." So she goes ahead and installs the Windows security update, and we get the other connection there. And then we're like, because the person receiving the connections is not aware of the phone call happening, so it's like, "Uh, what's happening here? I got a second
connection." Like, "Uh, don't worry about it, it should stop." But then they kept talking, and in total we got about four connections in, and we're a little worried now, because again, you need to be a ghost, right? So we don't want them to hear anything; it has to stop. So we stop calling, we stop emailing, we stop everything, just let it go. So now we have a connection, but we need to make that connection persistent. So meanwhile we had another group of people crafting a custom, uh, Windows DLL (got to call it generically like that), side-loaded through that connection in a way that next time they restart the computer, if everything worked (sometimes it does,
sometimes it doesn't, and then you try again), but everything working, the new DLL would then have a wrapper around it; it would create a persistent connection with our lab. So now we have a persistent connection. It did work, and that was glorious. So now we have a persistent connection to the computer. Uh, we had the four possibilities; we just used one of them. So we just had to start playing with things, and from that point forward it's more or less like a penetration test: you do your scanning, you try to find vulnerabilities and try to exploit, but you got to be slow so you don't get caught. We found a vulnerability in their, uh, VPN
configuration, the templates for the VPN connection. For the role attribute, it was just clear text, and it had user as a CER user. So we start playing with different strings in there, and usually, we tried a string for, like, DA, the domain admin. That worked, and we were able to connect to their VPN as domain admin. And from that point forward we did our, uh, asset discovery, we found, okay, where's the, uh, domain controller here, created the users that we had to create, assigned the permissions we had to assign, and now we have full control of their network. That's great, but that's only half of the story, not time-wise, but once we did all of
this, we still need to deliver the news. So up until this point nobody on the client side had any idea of anything that was happening. So we called our guy, the first guy who called me, uh, when the engagement was about to start. I go, "Hey, uh, so I just wanted to give you a heads up here on the, uh, the red team." And it was a very, uh, how do I say this, assertive person, and he was sitting down (we're all on camera, he's the only person on his side, obviously) and he's sitting down like this, kind of sitting back, big smile: "Oh yeah, yeah, sounds good, yeah, how did that go?" So we start telling the story. As
I'm telling the story I can see his face dropping and his smile is going away, and he's like, just give me a moment here. Goes on mute, grabs his phone, and he's like this, hangs up, people start joining the call, and then he comes off mute, goes like, oh hi, this is my IT team, can you tell them the same story? Can you tell them the same story you just told me? Sounds good. So we tell them the story. They're like, how did that happen? So like, well, yeah, we have, uh, have access to more stuff than you'd have now, 'cause you're behind Windows security controls and we're not. So we send them some
screenshots of their own computers, and they were not very happy with that. But then, uh, we made friends again. We're like, okay, so this has been all a contract exercise. The next phase of this engagement is teaching you all how we got in, how we exfiltrated, which, uh, vulnerabilities we were able to leverage, which, where are the gaps here. So we're going to teach you how to prevent, and next time hopefully you kick us out, uh, when you catch. And at this point the, uh, the manager asked, how come nobody got any alerts in here? Allegedly, and this is the part I'm not sure, allegedly they got no alerts, no notifications, nothing at all. So I don't know if they were trying to
cover the fact that they didn't pay attention to things, or maybe their SIEM was misconfigured and it was too noisy, maybe they were getting too many notifications and they don't know what's, uh, what is this, like, a real notification, what's happening here. Misconfigured SIEM, which is, if you need help with that, Telus can help with it too, but that's something else. So allegedly they got nothing, to be determined, but that was the story they told to the boss and to us. So for next steps we did a series of purple team workshops with them, webinars and sessions, some were one-on-one, some were with a group, and we transferred all the knowledge. War games was deferred this time.
Uh, this customer did not have war games in place. They needed a lot of time to train their people, to replace, reconfigure some of the technology, and they chose to go with it and replace the EDR, uh, with a new one, because apparently the other one, now this is another thing I'm not sure, if the existing EDR was properly configured and the IT team was just trying to cover their, like, you know, uh, and blaming the EDR, or if in fact the EDR was properly configured and they just needed something better, because it should have got when the sideloaded DLLs, the new process making the persistent connection, it should have
caught, but it did, allegedly didn't. A proper EDR would have caught when we registered the domain with their names. You get a notification that the domain was, allegedly they didn't get that. So those are the things that I don't know. But neither do your customers, apparently, right? So, no, not yet. I thought I had a conclusion slide in there. As the conclusion for this story is that sometimes, despite on paper you're doing everything right, you still need to trust your people to be doing the right things, you still need to trust the technology they invested so much money, was properly configured, is being properly monitored, and all that. I was having a conversation
like with someone earlier today, and he was telling me how, oh yeah, we just implemented these, uh, this new, um, uh, IDS, intrusion detection system, and it's so great, and this and that, and how much it costs and whatnot. Like, yeah, it's good, and then you have your user put in a password on a Post-it note here on the monitor, right? This is actually funny: not too long ago a friend of mine, I'm just working, minding my own business, I got a text message with a photo. It's a photo of inside a drawer with a Post-it note and a password in it. I'm like, what's that? And she goes like, just showing you that I'm cyber security aware and I keep
my Post-it notes with my password inside my drawer. And I'm thinking, what's the appropriate, should I say nice job, should I just hang up, what do I do? Well, it's a text message, you can hang up, but what do I do now? I just LOL and, all right. Anyways, sometimes we just have to let go. I need to learn that. But there you have it. Want to keep it secure, make sure you have your people well trained, your technology well configured. If you need help with any of that, we have all of that at Telus. Give us a call, give us a shout. Chances are, well, chances are everybody in Canada is a Telus customer in some
capacity. We'll help you out with your cyber security needs, and if you need any new hardware we can do that as well. Thank you so much for watching and I'll see you next time.
Please, if we ask, um, please, we, I don't know, I believe most of us, we have question. Um, we still have some time. Um, yeah, yeah, so any question? Yeah.
Yeah, um, hi Christian.
Hi.
Uh, just a quick question, uh, on the difference you mentioned between, uh, red team simulation and pentesting. Um, even with the red team simulation, you mentioned you have to be ghost, but still, like, someone would know that you are performing this pentesting, right?
So ideally no more than one or two people, 'cause there's someone who signed the contract. Sometimes the person signing the contract is my mind to want, yeah, okay. Sometimes the person signing the contract is the same person paying the contract. In that case that one person is good, just that one person that needs to know. Sometimes, depending on your organization, it's different people. Pen test, everybody knows. Sometimes
we block time for it, sometimes we agree to do after hours. Let's say it's a big website, e-commerce or a banking website, whatever, right? You don't want to disrupt your customers or your staff, so we do it after hours. So everybody knows on a pentest. On your red team, mum's the word. Yeah.
Hello sir, uh, I have a, I'm n and nice meeting you, I turn on, so yeah, yeah. Uh, so just a quick question on, uh, because we are seeing so many supply chain attacks, um, is there, like, um, in red teaming, is there, like, anything which is closely related to supply chain, or is it, um, something, uh, you know, which could be done as a
simulation?
Um, there are a few things that could be done, and I'm assuming you're referring to the recent, uh, things that we saw happening with pagers. There are certain things that could hypothetically be done, but when it comes to exploding things it's a little difficult to do that in a non-destructive fashion. But, uh, depending on the supply chain, depending on the test, uh, if it's something digital that only involves checking if someone clicked on a link, we can track that back, or someone walked into a place, we can find that too. But when it comes to actual physical stuff it can be more restrictive, but case by case. Yeah, that kind of stuff. Yeah.
Excuse me, just a clarity here, uh,
when you were talking about, uh, registering a domain that's closer to what they have, you found out that some other people had created one, 11, to be honest, to be precise, that mimic the original one. Yeah. So in that process, I don't know, I think the is still not required of you to stop your own exercise and inform them of your finding so they can investigate that first and find out if someone is trying to, if this was a pen test, sure, it was a pen test, yes, it was not. Yeah, you got it.
Hello, this from here. It's not a security related question, but a question from your experience, and I'm sure that people, uh,
people are going to find it incising. Uh, you were sharing your begins about, uh, the Wi-Fi scanning, the service that you are performing for your client. Did you have any game plan, what if the guard had actually stopped you?
I'm going to be very short with this answer: no. Run. Hey, Live Free or Die Hard, right? No, I didn't have a plan. Luckily I didn't need one, but, uh, yeah.
Yeah, thank you very much once more, Chris, and, um, you, we agreed to me that it was a very power fact.
Okay, just a minute, just a minute. Just now, with the example you gave, the weakest link always the users, so it this equation, uh, apart from security a
training that the security team can actually name the users, is there any other thing you recommend that's the we
Oh yeah. Don't trust anyone. We're all liars. If you're not sure, go talk, hopefully, preferably in person or a phone call, uh, someone that you know from your team or from your IT team. Uh, funny one that involves someone who works in our team here. Uh, Jacob here is one of our pen testers here. A while back I had to buy something, and our corporate cards will have some limits, so I ping him on our internal chat: Jacob, sorry, got a, got, can you just buy this on your corporate card? He goes like, sure can, let's authenticate
this on a video call. So get on a video call, like, I couldn't be more proud of you. So that's the recommendation: don't trust anyone. Oh, but was our work chat, who knows, right? So yes, trust anyone.
Um, okay, thank you once more, Christian.
You're welcome.
On behalf of the, um,
If you still have more questions you can meet him. Um, I'm sure he's open to more questions, can ask more questions.
Other?
Yes, I have a question. So of course, in your exam know, I mean, during the, the r testing, right, at the end you guys got the domain admin access, right? How did you guys do that? I mean, you just, you know, they downloaded the update, right, you get the connection, I mean, y kind of make the always load?
No, when we, when we were able to modify the, uh, the VPN connection template, or the VPN connecting template, that allows us to connect as domain admin, because username or credential, text you can read, that, really misconfigured technology.
Oh, okay.
That all goes in the report.