tail var/log/penetration-testing.log
[2019-09-16T14:52:34-07:00]

Penetration Testing is evolving

“Purple Teams” are an opportunity for the Red Team (Penetration Testers) and the Blue Team (Defenders/Network Admins) to sit down and learn from each other.

CI Security has been performing Purple Team engagements, or some version of collaborative penetration testing, since they started technical testing four years ago. Recently, a medium-sized manufacturing and retail customer wanted a Purple Team engagement to address their PCI and internal security requirements. This customer was keen to quickly remediate discovered vulnerabilities and quickly learn from the exercise.

Within an hour of plugging into the network port in the conference room, the CI Security Penetration Tester was capturing hashed passwords. He cracked the passwords and then used the network access to deploy simulated malware. The Network Admin identified the malware and remediated it immediately after discussing it with CI Security.

CI Security later noticed the anti-virus software in use at this client was ineffective at stopping common attack tools or simulated malware payloads. The consultant discussed this with the client and reviewed the client’s plans to migrate to a new and more effective anti-malware engine.

With each finding and attack path, CI Security took the opportunity to explain to the client the vulnerability, the exploit, and the potential impact. And with each finding, the client was able to discuss mitigation plans and even deploy simple mitigations in real time to thwart attacker tradecraft.

Organizations that test the technical vulnerabilities of their infrastructure get critical insight into their environments quickly. CI Security can conduct regular Penetration Tests or a Purple Team exercise for you.

“The System Administrator was learning as we performed the Penetration Test. The engagement provided them a real-time simulated attack with which to prioritize their patching and network changes. This client was decreasing their cybersecurity risk with each finding,” said Jeremy Johnson, CI Security’s Director of Adversary Replication and Detection.

Jeremy Johnson

Director of Offensive Security at CI Security
