Discover this podcast and so much more

Podcasts are free to enjoy without a subscription. We also offer ebooks, audiobooks, and so much more for just $11.99/month.

53: Offensive security at Meta’s Red Team X

53: Offensive security at Meta’s Red Team X

FromMeta Tech Podcast


53: Offensive security at Meta’s Red Team X

FromMeta Tech Podcast

ratings:
Length:
42 minutes
Released:
Jun 29, 2023
Format:
Podcast episode

Description

Red Team X is a security team at Meta that is responsible for finding and exploiting vulnerabilities in third-party products that could impact Meta's own security. The team acts as a hybrid between a traditional red team, which focuses on probing their own organisation's systems and products for vulnerabilities, and an elite bug-hunting group. The team was founded by Vlad I. in 2020 when the pandemic and the sudden shift to Work From Home challenged various previously-held assumptions about security. In his discussion with Pascal, Vlad explains the roles of different security teams within Meta, how they go about prioritising the highest-impact targets to exploit and how they work with vendors to ensure not just Meta but the entire world benefits from the fixes produced. Got feedback? Send it to us on Twitter (https://twitter.com/metatechpod), Instagram (https://instagram.com/metatechpod) and don’t forget to follow our host @passy (https://twitter.com/passy and https://mastodon.social/@passy). Fancy working with us? Check out https://www.metacareers.com/.   Links: The Diff episode about Velox: https://thediffpodcast.com/docs/episode-17 Risky Business Podcast: https://risky.biz/ RTX Blog: https://rtx.meta.security RTX Disclosures: https://rtx.meta.security/bugs RTX in WIRED: https://www.wired.com/story/facebook-red-team-x-vulnerabilities/   Timestamps: Intro 0:06 Vlad Intro 1:55 Red Teaming 2:43 Staying up-to-date 6:34 Different team colours 10:02 Defence-in-depth 12:44 Red Team X 15:57 Hardware v Software 19:43 Focus areas 21:29 Prioritising requests 22:44 Notable RTX Disclosures 26:05 Vulnerability disclosure policy 28:52 Getting into offensive security 38:48 Outro 40:51  
Released:
Jun 29, 2023
Format:
Podcast episode

Titles in the series (67)

Brought to you by Meta. In addition to remaining active in the open source community and conference circuit, this podcast offers another channel that allows us to highlight the technical work of our engineers who will discuss everything from low-level frameworks to end-user features. Throughout the podcast, Meta engineer Pascal Hartig (@passy) will interview developers in the company.