@x0rz @jfslowik agree. 'Hey we pwned you because we threatened legal action against the orgs who provide your defence' is not a good red team result.

@x0rz @jfslowik or refuse to disclose missed elements of successful tests so that blue teams are completely in the dark about how to improve. Not all red teams are like this-some are great-but I’ve seen it enough to have an extremely dim view of that part of the industry and their actual value to securing networks

@x0rz @jfslowik I agree that defense teams should be able to analyze the tools, but I’ve seen them just block our IPs, domains, or our in house implementation of an exploit or exfiltration method without patching the vulnerability or blocking the method. 9 times out of 10 I can switch IPs or reobfuscate strings and recompile a tool. So it makes more work for me without making them any more secure.