Trolling the Red Team (Part 1)

Posted: 2014/01/27 in Uncategorized

Hey looks its a Red Team!
Here they come with a few hours of work & a report that will hopefully provide more valuable information than “Here is what Nessus Found”.

A simple way to test any Red Team’s worth is with a good trolling and disinformation effort once the engagement is underway.  Good testers will be able to bypass the scripties with some manual testing and validations for any findings, and lazy testers will waste a lot of time spinning their wheels on a wild goose chase.

With this in mind we created a few ‘Anti-Pen’ test tools if you will. The entire toolkit is called the Crimson Kool-Aid Toolkit. The other tools in the toolkit will be released with later articles.

So for now here is the first tool:

‘Rusty Web Server: a simple python script to spoof web server versions’
Get it @ https://github.com/thesecuritypimp/rustyweb

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s