Red Team Testing: The term originated within the military to describe a team whose purpose is to penetrate security of "friendly" installations, and thus test their security measures. The members are professionals who install evidence of their success, e.g. leave cardboard signs saying "bomb" in critical defense installations, hand-lettered notes saying that “your codebooks have been stolen" (they usually have not been) inside safes, etc. Sometimes, after a successful penetration, a high-ranking security person will show up later for a "security review," and "find" the evidence. Now, the term became popular in the Information Security industry, where the security of computer systems is often tested by specialized teams called “Red Teams”. The core purpose of these teams and their subsequent tests are to model the business for critical assets, and then imitate a fully motivated and funded adversarial attack. This provides the Blue Team (Defending organization) the ability to experience a broad spectrum of attacks ranging from Physical to Social to Electronic. In addition, this exercise tests the Incident response capabilities of an organization in real time. The output from these tests will provide real world comprehensive assessment of the security program and give feedback on improving both Defensive and Operational capabilities.
Laptop with virtual machines running BackTrack and Windows (XP and above). Native OS can replace one of the VMs (i.e. a Windows OS hosting a BackTrack VM, or vice-versa).
Lockpick sets, additional “gifts” related to material taught
Iftach Ian Amit With over 15 years of experience in the information security industry, Iftach Ian Amit brings a mixture of Software development, OS, Network and web security to work on a daily basis. He is a frequent speaker at leading security conferences around the world (including BlackHat, DefCon, OWASP, InfoSecurity, etc…), and have published numerous articles and research material in leading print, online and broadcast media.
Ian is currently serving as a Director of Services at the leading boutique security consulting company IOActive, where he leads the services practice in the EMEA region.
Iftach Ian Amit was recently the VP Consulting for Security-Art, prior to which he served as the Director of Security Research for Aladdin, where he created the AIRC (Attack Intelligence Research Center) and led the security roadmap for company as well as the marketing of all security related events.
Prior to Aladdin, Iftach Ian held a director position at Finjan, leading it’s security research and MCRC group, while positioning it as a leader in the web security market.
Iftach Ian was also the founder and CTO of a security startup in the IDS/IPS arena and developed new techniques for attack interception.
Prior to that, he served in a director position at Datavantage (NASDAQ:MCRS) with responsibility for software development, Information security as well designing and building a financial Datacenter.
Prior to Datavantage, he managed the Internet application department at Comsec Consulting as well as the Unix Department, where he has been consulting to major banking and industry companies worldwide.
Iftach Ian is one of the founders of the Penetration Testing Execution Standard (PTES), its counterpart – the SexyDefense initiative, and a core member of the DirtySecurity crew.
Iftach Ian holds a Bachelor’s degree in Computer Science and Business Administration from the Interdisciplinary Center at Herzlya.
Chris Nickerson is a Certified Information Systems Security Professional (CISSP) whose main area of expertise is focused on information security and Social Engineering. In order to help companies better defend and protect their critical data and key information systems. He has created a blended methodology to assess, implement, and manage information security realistically and effectively.
At Lares, Chris leads a team of security consultants who conduct Security Risk Assessments, which can cover everything from penetration testing and vulnerability assessments, to policy design, computer forensics, Social Engineering, Red Team Testing and regulatory compliance. Prior to starting Lares, Chris was Director of Security Services at Alternative Technology, a Sr. Auditor for SOX compliance at KPMG, Chief Security Architect at Sprint Corporate Security, and developed an enterprise security design as network engineer for an international law firm. Chris also served in the U.S Navy.
Specialties: Vulnerability Assessment, Risk Assessment, Compliance, HIPAA,GLBA,PCI,SOX,17799/ 27001, Penetration Testing, Application Security Assessment, Physical Security, Social Engineering.
