Your chance to share work-related cyber confessions is here.
Whether you're a red or blue teamer, you've likely witnessed those untold moments from the front lines of cybersecurity that rarely see the light of day.
You've seen things in your cybersecurity career, haven't you?
The unbelievable, the face-palm worthy, the incidents that would make outsiders gasp.
We’re inviting you to anonymously share your wildest, most eye-opening experiences. Send us a message and help reveal the untold truths of the cyber world.
Just like a good security protocol, your confession goes through a manual review before being exposed to the world. It won't appear instantly; come back later to see it added to the page.
Made phishing email for internal training but accidentally sent it to real client. Apologized and blamed 'server glitch'. awk
Ran Wireshark on work network and ended up with WAY more browsing data than expected. I deleted it fast and pretended never happened.
Wrote Python script to automate work tasks, it crashed overnight, sent CEO 1000+ emails. Had a rough next morning ngl
I was working for a central bank and I found a way to invent money, which in itself is quite scary, but I also found a way that you could invent money and transfer it out of the bank to an external bank account via BACS, which means once I left the environment it was clean. So, I could invent as much money as I like and could make myself a very rich man if I had gone through with it.
Patched VULN and bragged about it for days until I realised I'd forgotten to restart the service, fix did nothing lol
Changed firewall rules at 2am and briefly locked myself out, told team it was a 'planned outage', got away with it tho
Set up honeypot at work but forgot to whitelist our vuln scanner. I spent the morning chasing my own alerts.
We did a red team of a large organization - broke in, gained access everywhere and were able to do whatever we wanted. We debriefed the C-suite and legal counsel, who seemed shocked and angry. When we asked if they needed anything else from us, they told us to delete the report and never speak of it again. The scary bit wasn’t because they didn’t want us to have a copy of the report, it’s because they wanted to bury it and pretend they never did.
From a blue team perspective, it would be nice to see more people being aware of just how valuable they are. In a lot of orgs that I have been at historically there is this talk of "it's a cost to the organization". While it is, it is also a way of saving revenue for the organization. I think that is a better way of looking at it.
An organization that had been compromised by a sophisticated attacker brought in my old defensive team to have a look and give them some idea of how I would break in if I were going to do it. Within half a day, I had written an eight-step plan of exactly how I would target them and go from an external attacker with no knowledge to a complete compromise of their domain.
Did a live demo and accidentally screenshared notes called 'passwords DO NOT SHARE', acted casual like I meant it
It doesn't always matter how many red teams you’ve done, the blue team is always going to be mad because well, why wouldn't you be? Literally someone has hired a company to come in to prove you can’t do your job right and overcoming that little piece there is the biggest win you can get.
I think cyber as an industry, we focus so heavily on the red team, while the purple team historically hasn't always been great. You see quite a lot of ego across the cybersecurity industry, which is fair. You've got very high level professionals, and so bringing those teams together, historically there's always been a bash where red teams and blue teams don't understand each other, don't like each other, they are in competition.
Unlike red teams, blue teams are looking after the whole gamut of the network. From my experience of looking after blue teams, we not only did the internal infrastructure, we also sold it commercially as well, so you constantly have your hair, if I had any, on fire.
Historically, we have seen so much beyond fire that blue teams haven't always had to prove capability. It has been a case of they are knee deep in incidents all the time and so they always prove by doing and it's not always obvious who the “do-ers” are.
I was the guy that was available 24/7. If something happens at 4:00 in the morning, you have to make a split-second decision as to what you're going to do. Even if it's an easy week, you're still going to be in that mindset of being on call. You're not really sleeping because you're constantly thinking, "Is my phone going to ring?" And then you're second-guessing yourself, because you've got that split second to make a decision.





