Next Generation Red Teaming presented at OWASPAppSecCalifornia 2014

by Robert Wood,

Summary : Too often organizations conduct assessments within a vacuum: physical, network, social, or application-layer. Attackers do not confine themselves similarly and avail themselves of whatever combination of techniques most effectively achieves their desired impact. Red team assessments aim to simulate these attacks more realistically and identify risk through composite, cross-domain attack vectors. This talk will cover several shortcomings with the current "model" of red teaming across the industry and how we can more effectively incorporate the application-specific attack surface into a red team effort. War stories will be shared to show the effectiveness of application-centric composite attacks in this new approach.