Comment by TheSpiceIsLife
4 years ago
A real world red team?
Wouldn't the correct term for that be: malicious threat actor?
Red team penetration testing doesn't involve the element of surprise, and is pre-arranged.
Intentionally wasting peoples time, and then going further to claim you weren't, is a malicious act as it intends to do harm.
I agree though, it's fascinating but only in the true crime sense.
Totally agree. It is a threat, not pen testing. Pen testing would stop when it was obvious they would or had succeeded and notify the project so they could remedy the process and prevent it in the future. Reverting to name calling and outright manipulative behavior is immature and counterproductive in any case except where the action is malicious.