Description: Ever steal a Boeing 777? How about transfer more than $400,000,000 from an account? Have you ever had one of those bad days where one wrong press of the “enter” key accidently broadcasts an emergency message to the radio station asking an entire city to evacuate? The real destruction of a business doesn’t come from a shell, a picked lock or a simple lie. The REAL threat is when all of the disciplines are combined and the only thing left in the crosshairs is the BUSINESS itself. Red Teaming is not a process of finding “A” vulnerability, but showing how flaws at EVERY level of the program combine to cause devastating effects to the company (or the tester =) ). After 15 years in the Red Teaming, Pen Testing and Security Testing Business, I have had some of the weirdest things happen. In this 50 min story time, I plan to go over our methodology, some of our BEST and WORST moments on the job, tips/tricks we picked up along the way and hopefully we can have a few laughs at our (mis)fortune(s).

Bio: Chris Nickerson,CEO of LARES, is just another “Security guy” with a whole bunch of certs whose main area of expertise is focused on Real world Attack Modeling, Red Team Testing and InfoSec Testing. At Lares, Chris leads a team of security professional who conduct Risk Assessments, Penetration testing, Application Testing, Social Engineering, Red Team Testing and Full Adversarial Attack Modeling. Prior to starting Lares, Chris was Dir. of Security Services at Alternative Technology, a Sr. IT compliance at KPMG, Sr. Security Architect and Compliance Manager at Sprint Corporate Security. Chris is a member of many security groups and was also a featured member of TruTV’s Tiger Team. Chris is the cohost of the Exotic liability Podcast, the author of the upcoming “RED TEAM TESTING” book published by Elsevier/Syngress and a founding member of BSIDES Conference.

Back to Derbycon 2013 video list