Rant


    Nightmare Experience With Redbot Security / Penetration Test

    by phillyphantoms2022 ·

    I’m fairly new to my company and recently, my boss had a pentest performed and he searched for a pentesting company on Google and one of the first selections that came up was “redbot security.”

    Never really heard of them and at the time, I didn’t have a say in his choice or even know he was choosing a company for a pentest. I guess at first glance to my boss, Redbot Security seemed like a legitimate pentesting company but what I found out was quite concerning.

    So the first page on Google had this company but the site was just a blog post about the best / top rated pentest company and of course, it was Redbot Security’s own blog post. (red flag)

    Looking at this post I realized that it was just a blog post with every imaginable keyword related to penetration testing, etc etc. For example, “Important Penetration Testing Checklist when searching for the Best Penetration Testing Company for your Project.”

    I also realized now after getting various Statement of Work (SOW) documents and quotes from other companies that Redbot uses a lot of wording from other companies. For example, when they describe their toolsets, in their “Redbot Security Featured Penetration Testing Services: Internal Penetration Testing”, it was a word-for-word copy of Rapid7’s wording with what tools they use. Weird?

    I also found that they don’t have a giant pentesting team like the manager claimed on the phone.

    The results? A pentest report full of false positives and worse, they didn’t catch the actual vulnerabilities that were there. When I brought this to the attention of the owner, he threatened us with legal action for mentioning it to anyone. Crazy stuff and a hard lesson learned.


All Comments


      Redbot Security Launches 2022 Manual Controlled Penetration Testing Proof

      by bracepil57 ·

      In reply to Nightmare Experience With Redbot Security / Penetration Test

      DENVER, May 02, 2022 (GLOBE NEWSWIRE) — Redbot Security has announced the release of their 2022 reporting and testing framework for Manual Controlled Penetration Testing. MCPT’s hybrid approach to penetration testing sources industry-leading frameworks and combines senior-level talent with over 20 years of experience to customize all client engagements. Some frameworks and testing guides leveraged by Redbot Security now include:

      NIST Special Publication 800-115
      PCI Penetration Testing Guide
      Open Web Application Security Project
      OWASP WSTGv4
      OWASP Top 10 Lists
      OWASP Security Projects
      Penetration Testing Execution Standard (PTES)
      Open Source Security Testing Methodology Manual (OSSTMM)
      Information Systems Security Assessment Framework (ISSAF)
      MITRE ATT&CK Framework
