Hey all,
I was just wondering about some in-house pentest best practices or at least brain storm some ideas. Some people I was talking to wanted to throw everything at the target machines, but I don't think that would be good since its so many logs would be coming in.
I'm thinking to select a certain type of attack for the target systems and make use cases in security systems surrounding the events.
Hey, @Spookhouse
Ultimately, YMMV, but...
I would go for the full pentest. Sure, it might generate a bunch of logs, but I'd also have a better idea of where the weaknesses are in my systems. Plus, I get to keep the logs and could then develop better mechanisms for log aggregation, normalization, storage, etc and then use that log info to set up better detection and alerts.
ITProTV
Show Host
Yeah I was discussing that with the team as well. I pitched the idea of having a box or group of boxes that has the latest image that IT puts out and throwing everything we can at it. That way at least it's controlled. Just trying to get ideas to set up best practices of in-house pentesting to compliment third party pentests.