Red And Tiger Team presented at BruCON 2009

by Chris Nickerson (Lares),

Tags: Mobile Security Security Others Deep Knowledge Application Security Monitoring Social Engineering Reverse Engineering Network Penetration Physical Pentesting

URL : http://2009.brucon.org/articles/p/r/e/Presentations.html#Red_and_Tiger_Team

Summary : The world of Information Security is changing. Budgets are tighter, attacks are more sophisticated, and the corporate network is no longer the low hanging fruit. That leaves web-enabled applications as the vector-du-jour, but that well is quickly drying up for organized crime as well. As they creep up the OSI Model looking for easier ways to steal your corporate assets, they are quickly making their way up the stack to the unspoken 8th layer, the end user. So what is the next step in the never-ending escalation of this cyber war?

To find out, we must do as Sun Tzu taught. "Think like our enemy!" That is, after all, the primary tenet of penetration testing AKA ethical hacking, isn't it? After years of hardening physical systems, networks, OSs, and applications, we have now come full circle to a new dawn of attack. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads... literally. It is only a matter of time before corporations fall from the raw effectiveness and lack of preparedness for this all too common attack.

Chris Nickerson: Chris Nickerson is a (CISSP) whose main area of expertise is focused on Red Team Testing and Infosec Testing. In order to help companies better defend and protect their critical data and key information systems, he has created a blended methodology to assess, implement, and manage information security realistically and effectively. At Lares, Chris leads a team of security consultants who conduct Security Risk Assessments, which can cover everything from penetration testing, Application Testing and vulnerability assessments, to policy design, computer forensics, Social Engineering, Red Team Testing and regulatory compliance. Prior to starting Lares, Chris was Director of Security Services at Alternative Technology, a Sr. IT compliance at KPMG, Sr. Security Architect and Compliance Manager at Sprint Corporate Security, and developed an enterprise security design as network engineer for an international law firm. Chris is a member of OWASP, ISACA Denver and is also a featured member of TruTV's Tiger Team, a 30 minute reality television program showing the activities of actual Red Team tests and active assessments. Chris is also the co host of the Exotic liability Podcast.