es that would be ideal but unfortunately there is always pushback due to perception of privacy impact to staff / employees and also risk of accidentally nuking the entire organization due to "unexpected changes". You can try though and I wish you luck getting executives to sign off on that risk. Or you could just buy Immunity Innuendo for $50K or Cobalt Strike with beacon for about 1/10th that and get close to "APT simulation"...
On Tuesday, October 27, 2015, Konrads Smelkovs <[email protected]> wrote: > In my view, security improvements in organisations are driven by breaches > and red team exercises/pentests. While breaches give hard lessons learned, > red teams often don't and that's because we reward red teamers for a > "domain admin" rather than longer term persistent access. > > This is what I call reach for the sky/rocket launch: you get domain admin, > get a screenshot of CEO's e-mail and declare job done. In reality, a good > simulation would be to "stay airborne" - take a screenshot of CEO's > e-mail/exfil PST every week. > > That's not to say that there isn't a scenario where desctruction of assets > is the end-goal of an attacker, but even then, I would argue that red > teamers ought to put an .exe in autoruns for every PC they wish to have > done a simulated wipe. > > > > -- > Konrads Smelkovs > Applied IT sorcery. > -- Regards, Kristian Erik Hermansen https://www.linkedin.com/in/kristianhermansen https://google.com/+KristianHermansen
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
