A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Passing the Torch: Old School Red Teaming - New School Tactics - David McGuire and Will Schroeder Derbycon 2014 (Hacking Illustrated Series InfoSec Tutorial Videos)

Passing the Torch: Old School Red Teaming - New School Tactics
David McGuire and Will Schroeder
Derbycon 2014

APT X, Target, Stuxnet; the media and public have started to pay more and more attention to sophisticated attackers and the havoc they can wreck. As evidence of advanced com promises becomes increasingly apparent, companies have begun to move beyond simple pentesting towards full blown threat simulation in order to effectively identify and mitigate the threat. However, red teaming operations are not a new concept, and advanced military teams have been simulating advanced adversaries long before the recent surge of attention from the private sector. While the tools and techniques of red teams may have changed, many of the procedures are still effective today.This presentation will aim to bridge the gap between the old and new, showing how the fundamental concepts of military red teaming still translate to the current landscape. We’ll overview our take on operational red teaming and break out various engagement objective phases including situational awareness, escalation, data mining, lateral movement, evasion and persistence. We’ll trace through the “old school” way to achieve the objective, and then show how updated tools and techniques can enable modern operations. The fundamental tactics developed years ago are still very effective, and a new coat of paint makes them even more dangerous.

Back to Derbycon 2014 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast