Red Teaming vs. Pen Testing: Real War Stories Revealed! #shorts

With red teaming, the difference is that um you get an objective. So Moritz and I are going to talk to you about um our physical red team war stories basically. Um it's not going to be a very deep technical talk. We're going to go over some little technical details here and there, but it's not going to be very uh elaborate. So the agenda for today is basically we're going to introduce ourselves a little bit introduce Envo very briefly and then um give us a quick uh give you a quick background about the difference between pentesting and red teaming and then afterwards we're going to jump straight into the stories and at the end we're going to do a quick uh takeaway

and Q&A session. Um so yeah all the story details like names, locations and everything are anonymized. We have uh a lot of pictures that are AI generated just to keep the anonymity. Um so me I've been at Envo for almost 5 years now and I do only red teaming. So um basically like 90 to 95% red teaming. >> Right. Uh my name is Mo Sumas. Let me also welcome you to our talk. Uh I've been with Invisa for four years now. Started out as a pentester then became a red teamer. uh nowadays while I focus on doing R&D in the red team space uh every now and then I get to work on on other

projects right and on more exotic projects and on more exotic scenarios and one of those are the physical projects you got that we got going on and you will hear a whole lot of that in this talk um so who is in Viso and Viso has been around since 2013 and um we have spread to basically from Belgium to Germany to Greece uh and Austria and we have like I think it says 270 expert but um at the moment we have over 300 experts um in Europe and basically we do the whole range of cyber security stuff. We do red teaming, we do pentesting, blue teaming, we have uh strategy and architecture um compliance everything um about cyber

security basically. Um so a quick background so for the people that don't know yet um the difference with pentesting and red teaming is basically um pentesting you have for example a web application that a customer gives you or another application and they say test this please and just report as many vulnerabilities as you can. So there's no stealth. They know that you're doing the exercise and they expect uh that you find hopefully a lot of vulnerabilities. With red teaming the difference is that um you get an objective like for example a bank says hey we have this internal application