
Exploiting the Exploiters - zynkb0a
https://medium.com/@curtbraz/exploiting-the-exploiters-46fd0d620fd8
======
zynkb0a
While I don't work on a red team, it does seem to me that an organization
should vet software used by their red teams via the same processes that they
use to make risk determinations regarding any other software run on
organization systems.

Is it a trend to just "let red teams go to town" without their strict
compliance with existing security processes? Are software titles to be used
usually included in a statement of work or when negotiating the scope of an
engagement?

