Pen Testing, Red Teaming, and More
@ChrisTruncer
What’s this talk about?
● Who I am
● How I got started in the industry
● What is “red teaming” and/or “pen testing”
● Different Offensive Jobs
● Where is the field going?
● How to learn and get your foot in the door
● Questions
uid=0(@ChrisTruncer)
● Christopher Truncer (@ChrisTruncer)
○ Hacker
○ Open Source Software Developer
■ Veil Framework Developer
○ Florida State Seminole
○ Random certs… blah
● Red Teamer and Pen Tester for Mandiant
How I Started
● College
○ College computer security class
○ Hack my roommate
■ “Wow, hacking is real”
○ Took a security class
○ Decided this is what I wanted to do
■ …. is this even a job?
How I Started
● Start off in a technical role
○ Wanted to get a technical foundation before moving into security
● First job, not what I wanted
● Became a Sys Admin at Northrop Grumman
○ Stayed for about 2 years
● Began my plunge into security, and haven’t looked back
What is Penetration Testing or Red Teaming?
Different Job Descriptions
● Vulnerability Assessment/Assessor
● Penetration Tester
● Red Teamer
● Exploit Developer
Vulnerability Assessment/Assessor
But that’s it…
Kind of boring right?
Penetration Tester
Red Teaming is a little different, but similar
Red Teaming == Objective-Based Adversary Emulation
Pen Testing/Red Teaming Career Paths
Tale of Two Tracks
● All team members will typically start in a general pen testing position
● With experience, you will typically specialize
○ Red Team? Web Apps? Thick Clients?
● After specialization, two main tracks exist
○ Technical Track
○ Management Track
Tale of Two Tracks
● Technical
○ Performing research, or concentrating on leading technical challenges
■ Tech SME
○ Live and die by your own sword
● Management
○ Lead teams running assessments
○ Could stay technical… “It depends”
Tale of Two Tracks
● Both tracks have their pros and cons
● Honestly, just figure out what you love to do
○ It’s what the beginning stage of pen testing is designed to let you do
● Find your passion in this, and go for it
○ This field is filled by people who LOVE what they do
Exploit Developer
Exploit Developer
● Typically not on Ops
○ Not on keyboard
● Performing research on various technologies
○ Predominantly includes low-level analysis
■ Be very comfortable in a debugger and decompiler
■ Understand the basics of exploitation
● Buffer overflows, SEH overwrites, egghunters, etc.
Exploit Developer
● This can be really fun and rewarding
○ Perfect for people who really like taking apart
puzzles and finding holes
○ Can be VERY time consuming - might take 6 months of research to find a vuln you can exploit
○ Might not find a vulnerability
○ Make a lot of money
Where is OffSec Going?
Where’s the field going
● Pen Testing and Red Teaming are relying less on technology, and more on people
○ Human error is easiest to exploit
■ Layoff Example
○ Misconfigurations/Poor configurations are what we look for now
■ User-Hunting
○ This is likely the way forward
Where’s the field going
● Exploitation is getting harder to do
○ Defensive technologies are making life hard
■ Used to see lots of exploits, post Win 7 -> not as much
○ Not many companies are offering pure exploit development positions
■ Government positions
■ Third party companies
Certifications
● They can be… ok..
○ Sometimes needed to help get past HR
○ They are NOT a sign of competency
● Best certs, look at Offensive Security
○ OSCP - Pen Testing
○ OSCE - Exploit Development
● This style of certifications demonstrates knowledge and is respected
What I wish I knew
● Be prepared to be uncomfortable at times
○ Always in a new environment with new “stuff” and you’re expected to break it
○ Perk of the job too :)
● Build your process
○ Learn how you best approach networks, web apps, etc.
○ Use this to face what you don’t know
Get Into Coding
● Learning to code/script will be invaluable
○ Add functionality, or write your own tools
○ Manipulate large data sets
○ Nearly a requirement to be successful
Where to start coding?
● Pick a language to learn
○ Windows -> Powershell
○ Linux -> Bash, Python, or Ruby
● Find something tedious
○ Automate it!
How to Learn
● Go to security conferences!
○ Might be anywhere from $10 - $300
○ BSides Conferences are local and almost always free, or super cheap
● Build your own lab
○ VMWare is your best friend
○ VulnHub
● Try free CTFs
● Twitter!
?
Chris Truncer
○ @ChrisTruncer
○ CTruncer@christophertruncer.com
○ https://www.christophertruncer.com
○ https://github.com/ChrisTruncer
