
ANDREW BINDNER
CSO & Lead Security Engineer

Most organizations belonging to cyberspace have experienced a shortage of cybersecurity experts. Also, reliance on legacy systems is still rampant. Further, third-party vendors have access to these systems that typically have weak passwords and misconfigurations. The strengthening threat landscape, amplified by massive tech layoffs, led to a shortage of experienced cybersecurity experts. Companies continue to rely on automated scanners that cannot perform manual penetration testing, lacking the “human element,” leaving IT professionals with a false sense of security. The modern IT landscape and attack surface requires an entirely different approach. Fundamental changes are needed. Among the companies spearheading the transition to a more secure world is Redbot Security.
Redbot Security is a boutique penetration testing firm with a team of highly competent Senior Level Engineers based in the United States specializing in delivering ‘Manual Penetration Testing Services’ or ‘Ethical Hacking’ across multiple sectors. Redbot Security’s team specializes in testing critical infrastructure. Generally, these systems are not inherently complex. However, many penetration testing companies do not know how to execute these tests safely. Redbot Security offers a layered holistic approach to testing, using kid gloves to ensure these systems continue to operate as planned, preventing a potentially catastrophic event. Penetration testing results driven by newer Artificial Intelligence (AI) platforms can be a solid part of an inhouse vulnerability management program but do not offer absolute protection against malicious threat actors in the same capacity as manual penetration testing.
Having a company, such as Redbot Security, perform manual penetration testing provides a deeper contextual understanding wherein consultants can employ their expertise to manipulate systems and services in patterns more aligned with Advanced Persistent Threat (APT) actors. “Redbot Security is small but mighty. Redbot Security has assembled a team of seasoned veterans, some with over 25 years of experience. Our engineers come from all walks of life and bring real-world knowledge gained through blood, sweat, and digital tears learning the ins and outs of technology as it evolved. The senior security engineers employed by Redbot Security are active community members, public speakers, and advocates of developing security practices. Our highly certified team of experts have spoken at conferences worldwide, hacked cars live on TV, taken over cities, and performed penetration tests for nearly all industries and verticals,” says Andrew Bindner, CSO and Lead Security Engineer.
Redbot Security can assess the overall security posture, prioritize risks, and provide valuable insights. AI has limitations and cannot chain complex information across the network to provide a comprehensive attack path to the target and attack multiple systems efficiently outside password guessing and Pass-the-Hash techniques. Also, AI-driven platforms focus on operating systems and cannot thoroughly test embedded systems due to the pre-defined algorithms and patterns used to identify vulnerabilities. Furthermore, the design of AI and vulnerability scanning platforms cannot account for evasion. Redbot Security performs advanced evasion techniques to ensure an organization’s defense systems are fine-tuned and alerting properly. Redbot Security takes time to ensure all testing parts are understood and remediation efforts work for an enterprise rather than pre-canned statements offering little direction.
“Our manual penetration testing ensures that developers and system administrators are not spending extra time attempting to validate false positive findings. Redbot Security is focused on providing the industry’s best customer journey. Our team is aligned with our vision and core values that keep us on track. Our firm is built on an impressive range of core values like Transparency, Reliability, Accountability, Consistency, and Kindness,” stated Brian Stearns, CEO of Redbot Security. In a recent engagement, Redbot was assigned to perform a simulated attack on a City’s OT network, including an onsite internal network penetration test. The purpose was to create an unbiased, point-in-time evaluation of internal network security posture while identifying exploitable vulnerabilities. Redbot Security quickly identified four critical and four high-risk vulnerabilities, mostly centered around weak passwords. All password hashes were extracted from the NTDS.dit via a domain controller. Redbot Security identified an application transmitting credentials via an unencrypted connection during the reconnaissance phase of this episode and ultimately gained complete control of the systems.
“We are currently in the development process of our new scalable cybersecurity platform called Cymbiotic™. Alpha is complete, and the Beta phase is nearing completion as well. We have begun using the platform internally, testing and preparing to launch client-facing access, enabling multi-security elements to operate from one centralized application. Our new Cymbiotic platform, powered by Redbot Security, provides complete management and oversight of security elements, moving industry to a safer, more secure world.” concludes Stearns.