Time Remaining in the Year: 2 months 9 days 10 weeks 70 days 1,680 hours
Our calendar is filling up with customers booking trying to get their Annual Pentest completed before the end of the year. If you're looking to get on the schedule, contact us on LinkedIn or via email: Sales@redthreatsec.com
About us
Red Threat's core principle is Don’t Forget to Have Fun. Cyber Security isn’t a job for us, it’s an obsession. We aren’t looking to get rich or retire early. Red Threat was created to satisfy the hunger of our engineers to apply the years of dedication and expertise against some of the best Defenders in the industry. Red Threat was born out of a passion for delivering the highest quality of service and integrity in everything we do.
- Website
- redthreatsec.com
- Industry
- Computer and Network Security
- Company size
- 2-10 employees
- Headquarters
- Oklahoma City, Oklahoma
- Type
- Privately Held
- Founded
- 2022
- Specialties
- Penetration Testing and Red Teaming
Locations
- Primary: Oklahoma City, Oklahoma 73099, US
Updates
-
Red Threat reposted this
I'm excited to share I'll be presenting at Hack Red Con this year. If you're going to be there come check out my talk on 10/26/24 @10am Track 1
-
Red Threat reposted this
A huge thanks to InfraGard Oklahoma and the IWS team for putting on such a great event! I appreciate everyone that squeezed themselves into my talk on hacking Traffic Control Systems, we had people standing in the hallway and sitting on the floor! I can't wait for next year.
-
Red Threat reposted this
If you liked my blog series on hacking Traffic Control Systems, you’ll love my talk at #IWS17. I’ll be sharing all the details that were too juicy to be posted online.
-
If you’re coming to Information Warfare Summit stop by our booth, bring your HackRF and Capture the Crane.
Proof of concept demonstration exploiting an Industrial Crane Remote. A customer had a number of these connected to gantry cranes in a production environment. We purchased the exact hardware online and recreated their setup. We found that communication between the remote and controller could be captured and replayed using a HackRF. Upon further investigation we found that the majority of controllers for sale were knockoffs of the 2016 TeleCrane controller. While we hoped for another CVE, the vulnerability was reported 6 years ago as CVE-2018-17935 and was patched in the legitimate product but not the counterfeits. This is a good argument for buying name brand and how trying to save a few bucks using counterfeit products can put you and other individuals at risk. Full blog post on the build and process coming soon.
-
Red Threat reposted this
Come hear Andrew Lemon provide an Intro to Hacking Traffic Systems at IWS17!
-
Threat actors make mistakes too. This talk is a deep dive into exploiting those mistakes and exposing the tradecraft we learned along the way. We'll be sharing all the TTPs and zerodays we uncovered.
If you're coming to BSides Oklahoma make sure you don't miss this talk. I'll be sharing stories ranging from disrupting ransomware operations to accidentally stumbling into more than one active Nation State CyberOP.
-
Just because you aren't doing attack surface monitoring doesn't mean your adversaries aren't.
OOPSsec - Exposing your attacker infrastructure to the internet and leaving clear text creds in log files. Just because you aren't doing attack surface monitoring doesn't mean your adversaries aren't. We stumbled across a login portal for Asset Lighthouse System that allows end users to configure domains and assets to monitor for vulnerabilities and misconfigurations. The adversary in question here has set up multiple alerts and scans across 100s of websites. We typically see this kind of configuration with bug bounty hunters and nation states with bad opsec. Link to the GitHub repo for the tool in the comments.
-
Knowing your attack surface and your systems is the first step to securing them. The worst time to update your documentation is during a breach.
Do you know how to kill your network? After taking care of people, the next question I ask customers on a breach is if they have network maps, and if not, we whiteboard it out. This will determine where we put our network monitoring sensors and make sure we shut down unauthorized access. Here are 2 examples of times customers thought they killed their network only to be surprised in the middle of a rebuild.
Incident #1: Customer said they shut down the firewall, but weren’t so sure after getting ransomed again halfway through their rebuild. Turns out the MSSP disabled the inbound and outbound firewall rules but left the VPN up, allowing the attackers unrestricted access.
Incident #2: Customer physically disconnected the firewall. After deploying EDR we were still seeing attacker activity. The customer had a forgotten “branch office” connected by MPLS, and the attackers had gained entry through RDP open to the internet on that system.