From BruCON 2015
Latest revision as of 20:54, 21 January 2015

Red Team Testing

Chris and Ian are both frequent speakers at large security conferences (see links below) and have contributed tremendously to the security world. Their combined experience can easily fill a two-week training course, and unfortunately we "only" have three days.

Course Description

This is NOT a tools course! Becoming proficient in Red Teaming is NOT something that can be taught only in a classroom. We will have multiple field exercises as well as hands-on classroom sessions.

This course will go over some of the tools and methods you MAY use in a Red Team assessment. Feel free to come up with your own styles.

  • You will learn the basics of how to profile attackers and use your imagination to become one.
  • Learn to act like a viable adversary of the target.
  • Learn to analyse the security processes and technologies that are in place.
  • Using what you observe, take advantage of what others have missed, to blend Electronic, Social and Physical security into a converged attack surface.

Requirements

Laptop with virtual machines running BackTrack and Windows (XP and above). Native OS can replace one of the VMs (i.e. a Windows OS hosting a Kali VM, or vice-versa).

Trainers Biography

Ian Amit

With over 15 years of experience in the information security industry, Ian Amit brings a mixture of software development, OS, network and web security to work on a daily basis. He is a frequent speaker at leading security conferences around the world (including Black Hat, DefCon, OWASP, InfoSecurity, etc.), and has published numerous articles and research material in leading print, online and broadcast media. Ian is currently serving as a Vice President at the Social Risk Management company ZeroFOX.

Ian is one of the founders of the Penetration Testing Execution Standard (PTES), its counterpart – the SexyDefense initiative, and a core member of the DirtySecurity crew.

Ian holds a Bachelor's degree in Computer Science and Business Administration from the Interdisciplinary Center at Herzliya.


Twitter: @iiamit (https://twitter.com/iiamit)

Chris Nickerson

Chris Nickerson is a Certified Information Systems Security Professional (CISSP) whose main area of expertise is focused on information security and Social Engineering. In order to help companies better defend and protect their critical data and key information systems, he has created a blended methodology to assess, implement, and manage information security realistically and effectively.

At Lares, Chris leads a team of security consultants who conduct Security Risk Assessments, which can cover everything from penetration testing and vulnerability assessments to policy design, computer forensics, Social Engineering, Red Team Testing and regulatory compliance. Prior to starting Lares, Chris was Director of Security Services at Alternative Technology, a Sr. Auditor for SOX compliance at KPMG, Chief Security Architect at Sprint Corporate Security, and developed an enterprise security design as network engineer for an international law firm. Chris also served in the U.S. Navy.

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Auditor (CISA)
  • BS7799 Lead Auditor Accreditation (BS7799)
  • NSA Infosec. Assessment Methodology (NSA IAM)

Specialties: Vulnerability Assessment, Risk Assessment, Compliance, HIPAA, GLBA, PCI, SOX, 17799/27001, Penetration Testing, Application Security Assessment, Physical Security, Social Engineering.

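Links:

  • (YouTube) Hackers are like curious babies by Chris Nickerson (TEDxFultonStreet): https://www.youtube.com/watch?v=HW9hH0vlPEM
  • (YouTube) Chris Nickerson Interview (Security Zone 2013): https://www.youtube.com/watch?v=hxXNYJ1RWrE
  • (YouTube) Ian Amit's YouTube channel: https://www.youtube.com/channel/UCqBhgNfuAlmPf2juvVT4XJQ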

Wed. 22 - 24 April 2015 (09:00 - 17:00)

Register: https://registration.brucon.org/training-registration/
