Training Red Team

Training Red Team

From BruCON 2012

Jump to: navigation, search

[edit] Red Team Testing by Ian Amit and Chris Nickerson

Red Team testing is the pinnacle of security simulations. It is the most accurate and realistic scenario an organization can use to see how it really fares up against a real-world attacker, without taking the risk of an actual breach or loss.

In this training, you will learn how Red Team (or full scope) testing works, how to create a methodology for using a red team test not just as a one-off "see how I got in" case, but as a repeatable test with metrics and actionable results. We will go through all elements of a red team test, from planning and scoping, intelligence gathering, target selection, vulnerability analysis, risk analysis, exploitation and execution, resource usage and ad-hoc agent deployment, post-exploitation, documentation and recording of evidence, damage analysis, and reporting.

The training will arm you with not just tools and techniques, but a sustainable methodology which you could update as new tools and techniques are introduced.

[edit] Trainers Biography

With over a decade of experience in the information security industry, Iftach "Ian" Amit brings a mixture of software development, OS, network, and web security expertise to his role as an IOActive Director of Services. Prior to IOActive, Ian was the VP Consulting for Security Art. Ian also held Director of Security Research positions with Aladdin and Finjan, leading their security research while positioning them as leaders in the web security market. Ian has held leadership roles as founder and CTO of a security startup in the IDS/IPS arena, where he developed new techniques for attack interception, and as a director at Datavantage, where he was responsible for software development, information security, and designing/building a financial datacenter. Prior to Datavantage, Ian managed the Internet Applications as well as the UNIX departments at the security consulting firm Comsec. Ian founded the local DefCon group in Tel-Aviv, DC9723, and also is a founding member of the Penetration Testing Execution Standard (PTES) and the IL-CERT.

300px-twitter-icon.jpg @iiamit

Chris Nickerson is a Certified Information Systems Security Professional (CISSP) whose main area of expertise is focused on information security and Social Engineering. In order to help companies better defend and protect their critical data and key information systems. He has created a blended methodology to assess, implement, and manage information security realistically and effectively. At Lares, Chris leads a team of security consultants who conduct Security Risk Assessments, which can cover everything from penetration testing and vulnerability assessments, to policy design, computer forensics, Social Engineering, Red Team Testing and regulatory compliance. Prior to starting Lares, Chris was Director of Security Services at Alternative Technology, a Sr. Auditor for SOX compliance at KPMG, Chief Security Architect at Sprint Corporate Security, and developed an enterprise security design as network engineer for an international law firm.

300px-twitter-icon.jpg @indi303

24 & 25 September (09:00 - 17:00)


Back to Training Overview