Summary
In this conversation, John and Greg from White Knight Labs discuss their backgrounds and the work they do in red teaming and penetration testing. They explain the difference between red teaming and pen testing, with red teaming being more focused on mission objectives and crippling a business, while pen testing is more about finding vulnerabilities and misconfigurations. They also discuss the skills and knowledge required to become a red teamer, including a background in sysadmin or software development, networking knowledge, and experience in pen testing. They recommend certifications such as Certified Red Team Professional and Certified Red Team Expert, as well as courses on redirectors and offensive development. In this conversation, John Stigerwalt and Greg Hatcher discuss various aspects of red teaming and physical security. They emphasize the importance of teamwork and diverse skill sets in red team operations. They also highlight the challenges and grueling nature of red teaming, as well as the misconceptions surrounding it. The conversation touches on the use of AI in security, the practice of assuming breach, and the courses offered by White Knight Labs.

Takeaways
Red teaming is focused on mission objectives and crippling a business, while pen testing is more about finding vulnerabilities and misconfigurations.
A background in sysadmin or software development is recommended for aspiring red teamers.
Networking knowledge and experience in pen testing are important skills to have.
Certifications such as Certified Red Team Professional and Certified Red Team Expert can be beneficial.
Courses on redirectors and offensive development are recommended for learning the necessary skills. Red teaming requires a diverse set of skills and a team approach.
Red teaming can be grueling and data-intensive, with a focus on blending in and accessing file shares.
Physical security assessments often involve challenging and uncomfortable situations.
Getting started in physical security can involve courses like Covert Access Team and Optiv's course.
Assume breach is a valuable mindset to adopt in security.
White Knight Labs offers courses on offensive development, advanced red team operations, and offensive Azure operations and tactics.

Takeaways

• Red teaming is focused on mission objectives and crippling a business, while pen testing is more about finding vulnerabilities and misconfigurations.


• A background in sysadmin or software development is recommended for aspiring red teamers.


• Networking knowledge and experience in pen testing are important skills to have.


• Certifications such as Certified Red Team Professional and Certified Red Team Expert can be beneficial.


• Courses on redirectors and offensive development are recommended for learning the necessary skills. Red teaming requires a diverse set of skills and a team approach.


• Red teaming can be grueling and data-intensive, with a focus on blending in and accessing file shares.


• Physical security assessments often involve challenging and uncomfortable situations.


• Getting started in physical security can involve courses like Covert Access Team and Optiv's course.


• Assume breach is a valuable mindset to adopt in security.


• White Knight Labs offers courses on offensive development, advanced red team operations, and offensive Azure operations and tactics.

Resources:

• White Knight Security Website

• https://whiteknightlabs.com/training/

• https://www.linkedin.com/in/gregoryhatcher2/

• https://www.linkedin.com/in/john-stigerwalt-90a9b4110/

• https://x.com/WKL_cyber

WKL Courses:

• Advanced Red Team Operations Course (ARTO) https://training.whiteknightlabs.com/advanced-red-team-operations/

  
  



• Offensive Development Course https://training.whiteknightlabs.com/offensive-development-training/

  
  



• Offensive Azure Operations and Tactics Course https://training.whiteknightlabs.com/offensive-azure-operations-tactics/

  
  



• Educators and Tools:

  
  
  
  

  • Travis Weathers physical pentesting courses: https://physicalexploit.com/