Red Teaming Enemy of the State

DerbyCon V - Unity

Presented by: Wayne
Date: Friday September 25, 2015
Time: 17:00 - 17:50
Location: Track 1
Track: Break Me

As information security threats continue to grow in prevalence and sophistication, having a clear, holistic measure of your organization’s security measures is critical. Traditional security testing does not always accurately reflect the true tactics, tradecraft or simple pure grit and determination of your adversary. Red teaming is the process of viewing a problem from an adversary or competitor’s perspective. Using a range of structured creative and critical thinking techniques, a red team challenges assumptions and recognizes vulnerabilities from an outsider’s perspective in order to make an organization more effective and secure. Possibly the most sophisticated cyber actors are state-sponsored attackers. This presentation is about how to red team like a nation state by demonstrating the real threat from a state-sponsored attacker on a high-value target company. We will show that what makes state-sponsored actors so successful is their dedication to the reconnaissance and weaponization steps of the cyber kill chain. Red Team Alternate Reality Testing (ART) mimics these cyber kill chain steps in real-life threat scenarios to test all aspects of a company’s security: technical, physical and social. Specifically, we will show how state-sponsored attackers undertake reconnaissance, both online (OSINT) and physically (surveillance), on a company and its employees. We will then show how these attackers weaponize their reconnaissance to determine specific threat vectors: external threats, insider threat (and the threats nobody knows are there), in order to successfully compromise and command and control a target.

Wayne

