Difference between revisions of "Spring Training 2015 - Red Team Testing"
From BruCON 2017
(Created page with "his is is NOT a tools course! Becoming proficient in Red Teaming is NOT something that can be taught only in a classroom. We will have multiple field exercises as well as hand...") |
|||
(7 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | + | =Red Team Testing= | |
+ | |||
+ | Chris and Ian are both frequent speakers at large security conferences (see links below) and have contributed tremendously to the security world. Their combined experience can easily fill a two week training course and unfortunately we "only" have three days. | ||
+ | |||
+ | ===Course Description=== | ||
+ | This is is NOT a tools course! Becoming proficient in Red Teaming is NOT something that can be taught only in a classroom. We will have multiple field exercises as well as hands-on classroom sessions. | ||
This course will go over some of the tools and methods you MAY use in a Red Team assessment. Feel free to come up with your own styles. | This course will go over some of the tools and methods you MAY use in a Red Team assessment. Feel free to come up with your own styles. | ||
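Review bot: The added Course Description line opens with a doubled word, "This is is NOT a tools course!"; drop the second "is". In the added introduction above it, "two week training course" should be hyphenated as "two-week".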
Line 5: | Line 10: | ||
* You will learn the basics of how to profile attackers and use your imagination to become one. | * You will learn the basics of how to profile attackers and use your imagination to become one. | ||
* Learn to act like a viable adversary of the target. | * Learn to act like a viable adversary of the target. | ||
− | * Learn to | + | * Learn to analyse the security processes and technologies that are in place. |
* Using what you observe, take advantage of what others have missed, to blend Electronic, Social and Physical security into a converged attack surface. | * Using what you observe, take advantage of what others have missed, to blend Electronic, Social and Physical security into a converged attack surface. | ||
+ | = Requirements = | ||
+ | Laptop with virtual machines running BackTrack and Windows (XP and above). Native OS can replace one of the VMs (i.e. a Windows OS hosting a Kali VM, or vice-versa). | ||
+ | |||
+ | =Trainers Biography= | ||
+ | |||
+ | == Ian Amit == | ||
+ | [[File:Ianamit.jpg|thumb|125px]] | ||
+ | With over 15 years of experience in the information security industry, Ian Amit brings a mixture of Software development, OS, Network and web security to work on a daily basis. He is a frequent speaker at leading security conferences around the world (including Black Hat, DefCon, OWASP, InfoSecurity, etc...), and have published numerous articles and research material in leading print, online and broadcast media.Ian is currently serving as a Vice President at the Social Risk Management company ZeroFOX. | ||
+ | |||
+ | Ian is one of the founders of the Penetration Testing Execution Standard (PTES), its counterpart – the SexyDefense initiative, and a core member of the DirtySecurity crew. | ||
+ | |||
+ | Ian holds a Bachelor's degree in Computer Science and Business Administration from the Interdisciplinary Center at Herzlya. | ||
+ | |||
+ | <br>[[Image:300px-twitter-icon.jpg|17px]] [https://twitter.com/iiamit @iiamit] | ||
+ | |||
+ | == Chris Nickerson == | ||
+ | [[File:CNickerson.jpg|thumb|125px]] | ||
+ | Chris Nickerson is a Certified Information Systems Security Professional (CISSP) whose main area of expertise is focused on information security and Social Engineering. In order to help companies better defend and protect their critical data and key information systems. He has created a blended methodology to assess, implement, and manage information security realistically and effectively. | ||
+ | |||
+ | At Lares, Chris leads a team of security consultants who conduct Security Risk Assessments, which can cover everything from penetration testing and vulnerability assessments, to policy design, computer forensics, Social Engineering, Red Team Testing and regulatory compliance. Prior to starting Lares, Chris was Director of Security Services at Alternative Technology, a Sr. Auditor for SOX compliance at KPMG, Chief Security Architect at Sprint Corporate Security, and developed an enterprise security design as network engineer for an international law firm. Chris also served in the U.S Navy. | ||
+ | |||
+ | Certified Information Systems Security Professional (CISSP)Certified Information Security Auditor (CISA)BS7799 Lead Auditor Accreditation (BS7799)NSA Infosec. Assessment Methodology (NSA IAM)Specialties: Vulnerability Assessment, Risk Assessment, Compliance, HIPAA,GLBA,PCI,SOX,17799/ 27001, Penetration Testing, Application Security Assessment, Physical Security, Social Engineering. | ||
+ | |||
+ | Links : | ||
+ | * [https://www.youtube.com/watch?v=HW9hH0vlPEM (Youtube) Hackers are like curious babies by Chris Nickerson (TEDxFultonStreet)] | ||
+ | * [https://www.youtube.com/watch?v=hxXNYJ1RWrE (Youtube) Chris Nickerson Interview (Security Zone 2013)] | ||
+ | * [https://www.youtube.com/channel/UCqBhgNfuAlmPf2juvVT4XJQ (Youtube) Ian Amit's Youtube channel] | ||
+ | |||
+ | ''Wed. 22 - 24 April 2015 (09:00 - 17:00)'' | ||
+ | |||
+ | [[File:Register.jpg||link=https://registration.brucon.org/training-registration/]] | ||
− | + | [[Training|Back to Training Overview]] |
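Review bot: The added Requirements line asks for virtual machines running BackTrack, but its parenthetical example names a Kali VM; use one name, or say that either is accepted, so attendees know what to prepare. In the Ian Amit biography, "and have published" should be "and has published", and "media.Ian" is missing a space. In the Chris Nickerson biography, "In order to help companies ... information systems." is a fragment that belongs to the sentence after it, and the certifications line has lost the separators between its items.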
Latest revision as of 20:54, 21 January 2015
Red Team Testing
Chris and Ian are both frequent speakers at large security conferences (see links below) and have contributed tremendously to the security world. Their combined experience can easily fill a two-week training course, and unfortunately we "only" have three days.
Course Description
This is NOT a tools course! Becoming proficient in Red Teaming is NOT something that can be taught only in a classroom. We will have multiple field exercises as well as hands-on classroom sessions.
This course will go over some of the tools and methods you MAY use in a Red Team assessment. Feel free to come up with your own styles.
- You will learn the basics of how to profile attackers and use your imagination to become one.
- Learn to act like a viable adversary of the target.
- Learn to analyse the security processes and technologies that are in place.
- Using what you observe, take advantage of what others have missed, to blend Electronic, Social and Physical security into a converged attack surface.
Requirements
Laptop with virtual machines running BackTrack and Windows (XP and above). Native OS can replace one of the VMs (i.e. a Windows OS hosting a Kali VM, or vice-versa).
Trainers Biography
Ian Amit
With over 15 years of experience in the information security industry, Ian Amit brings a mixture of software development, OS, network and web security to work on a daily basis. He is a frequent speaker at leading security conferences around the world (including Black Hat, DefCon, OWASP, InfoSecurity, etc.), and has published numerous articles and research material in leading print, online and broadcast media. Ian is currently serving as a Vice President at the Social Risk Management company ZeroFOX.
Ian is one of the founders of the Penetration Testing Execution Standard (PTES), its counterpart – the SexyDefense initiative, and a core member of the DirtySecurity crew.
Ian holds a Bachelor's degree in Computer Science and Business Administration from the Interdisciplinary Center at Herzliya.
Chris Nickerson
Chris Nickerson is a Certified Information Systems Security Professional (CISSP) whose main area of expertise is information security and Social Engineering. In order to help companies better defend and protect their critical data and key information systems, he has created a blended methodology to assess, implement, and manage information security realistically and effectively.
At Lares, Chris leads a team of security consultants who conduct Security Risk Assessments, which can cover everything from penetration testing and vulnerability assessments to policy design, computer forensics, Social Engineering, Red Team Testing and regulatory compliance. Prior to starting Lares, Chris was Director of Security Services at Alternative Technology, a Sr. Auditor for SOX compliance at KPMG, Chief Security Architect at Sprint Corporate Security, and developed an enterprise security design as network engineer for an international law firm. Chris also served in the U.S. Navy.
Certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), BS7799 Lead Auditor Accreditation (BS7799), NSA Infosec. Assessment Methodology (NSA IAM). Specialties: Vulnerability Assessment, Risk Assessment, Compliance, HIPAA, GLBA, PCI, SOX, 17799/27001, Penetration Testing, Application Security Assessment, Physical Security, Social Engineering.
Links:
- (YouTube) Hackers are like curious babies by Chris Nickerson (TEDxFultonStreet)
- (YouTube) Chris Nickerson Interview (Security Zone 2013)
- (YouTube) Ian Amit's YouTube channel
Wed. 22 - 24 April 2015 (09:00 - 17:00)