Red And Tiger Team (Brucon 2009)

Posted By: SecurityTube_Bot
Posted On: Mon 21 Feb 2011
Views: 4723


Description:

This talk titled "Red and Tiger Team" was given by Chris Nickerson at Brucon 2009. You can download the presentation here.

Abstract: The world of Information Security is changing. Budgets are tighter, attacks are more sophisticated, and the corporate network is no longer the low-hanging fruit. That leaves web-enabled applications as the vector-du-jour, but that well is quickly drying up for organized crime as well. As they creep up the OSI Model looking for easier ways to steal your corporate assets, they are quickly making their way up the stack to the unspoken 8th layer, the end user. So what is the next step in the never-ending escalation of this cyber war?

To find out, we must do as Sun Tzu taught. "Think like our enemy!" That is, after all, the primary tenet of penetration testing AKA ethical hacking, isn't it? After years of hardening physical systems, networks, OSs, and applications, we have now come full circle to a new dawn of attack. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads... literally. It is only a matter of time before corporations fall from the raw effectiveness and lack of preparedness for this all too common attack.

Author Bio: Chris Nickerson is a Certified Information Systems Security Professional (CISSP) whose main area of expertise is focused on Red Team Testing and Social Engineering. In order to help companies better defend and protect their critical data and key information systems, he has created a blended methodology to assess, implement, and manage information security realistically and effectively. At Lares, Chris leads a team of security consultants who conduct Security Risk Assessments, which can cover everything from penetration testing, Application Testing and Vulnerability assessments, to policy design, Social Engineering, Penetration Testing, Red Team Testing and Regulatory compliance testing. Prior to starting Lares, Chris was Director of Security Services at Alternative Technology, a Sr. IT compliance at KPMG, Chief Security Architect at Sprint Corporate Security, and developed an enterprise security design as network engineer for an international law firm. Chris is a member of OWASP, ISACA Denver and is also a featured member of TruTV's Tiger Team, a reality television program showing the activities of actual penetration tests and active assessments. He is also co-founder and host of the Exotic Liability Security Podcast, www.exoticliability.com.

Tags: basics

