Pen Testing, Red Teaming, and More

This is the slide deck that I used when presenting at FSU's Cyber Security Club. This presentation was supposed to give a description of what Red Teaming, Pen Testing, and other roles do.


  1. Pen Testing, Red Teaming, and More @ChrisTruncer
  2. What’s this talk about? ● Who I am ● How I got started in the industry ● What is “red teaming” and/or “pen testing” ● Different Offensive Jobs ● Where is the field going? ● How to learn and get your foot in the door ● Questions
  3. uid=0(@ChrisTruncer) ● Christopher Truncer (@ChrisTruncer) ○ Hacker ○ Open Source Software Developer ■ Veil Framework Developer ○ Florida State Seminole ○ Random certs… blah ● Red Teamer and Pen Tester for Mandiant
  4. How I Started ● College ○ College computer security class ○ Hack my roommate ■ “Wow, hacking is real” ○ Took a security class ○ Decided this is what I wanted to do ■ …. is this even a job?
  5. How I Started ● Start off in a technical role ○ Wanted to get a technical foundation before moving into security ● First job, not what I wanted ● Became a Sys Admin at Northrop Grumman ○ Stayed for about 2 years ● Began my plunge into security, and haven’t looked back
  6. What is Penetration Testing or Red Teaming?
  7. Different Job Descriptions ● Vulnerability Assessment/Assessor ● Penetration Tester ● Red Teamer ● Exploit Developer
  8. Vulnerability Assessment/Assessor
  9. But that’s it… Kind of boring right?
  10. Penetration Tester
  11. Red Teaming is a little different, but similar
  12. Red Teaming == Objective-Based Adversary Emulation
  13. Pen Testing/Red Teaming Career Paths
  14. Tale of Two Tracks ● All team members will typically start in a general pen testing position ● With experience, you will typically specialize ○ Red Team? Web Apps? Thick Clients? ● After specialization, two main tracks exist ○ Technical Track ○ Management Track
  15. Tale of Two Tracks ● Technical ○ Performing research, or concentrating on leading technical challenges ■ Tech SME ○ Live and die by your own sword ● Management ○ Lead teams running assessments ○ Could stay technical… “It depends”
  16. Tale of Two Tracks ● Both tracks have their pros and cons ● Honestly, just figure out what you love to do ○ It’s what the beginning stage of pen testing is designed to let you do ● Find your passion in this, and go for it ○ This field is filled by people who LOVE what they do
  17. Exploit Developer
  18. Exploit Developer ● Typically not on Ops ○ Not on keyboard ● Performing research on various technologies ○ Predominantly includes low-level analysis ■ Be very comfortable in a debugger and decompiler ■ Understand the basics of exploitation ● Buffer overflows, SEH overwrites, egghunters, etc.
  19. Exploit Developer ● This can be really fun and rewarding ○ Perfect for people who really like taking apart puzzles and finding holes ○ Can be VERY time consuming - might take 6 months of research to find a vuln you can exploit ○ Might not find a vulnerability ○ Make a lot of money
  20. Where is OffSec Going?
  21. Where’s the field going ● Pen Testing and Red Teaming is relying less on technology, and more on people ○ Human error is easiest to exploit ■ Layoff Example ○ Misconfigurations/Poor configurations are what we look for now ■ User-Hunting ○ This is likely the way forward
  22. Where’s the field going ● Exploitation is getting harder to do ○ Defensive technologies are making life hard ■ Used to see lots of exploits, post Win 7 -> not as much ○ Not many companies are offering pure exploit development positions ■ Government positions ■ Third party companies
  23. Certifications ● They can be… ok.. ○ Sometimes needed to help get past HR ○ They are NOT a sign of competency ● Best certs, look at Offensive Security ○ OSCP - Pen Testing ○ OSCE - Exploit Development ● This style of certifications demonstrates knowledge and is respected
  24. What I wish I knew ● Be prepared to be uncomfortable at times ○ Always in a new environment with new “stuff” and you’re expected to break it ○ Perk of the job too :) ● Build your process ○ Learn how you best approach networks, web apps, etc. ○ Use this to face what you don’t know
  25. Get Into Coding ● Learning to code/script will be invaluable ○ Add functionality, or write your own tools ○ Manipulate large data sets ○ Nearly a requirement to be successful
  26. Where to start coding? ● Pick a language to learn ○ Windows -> Powershell ○ Linux -> Bash, Python, or Ruby ● Find something tedious ○ Automate it!
  27. How to Learn ● Go to security conferences! ○ Might be anywhere from $10 - $300 ○ BSides Conferences are local and almost always free, or super cheap ● Build your own lab ○ VMWare is your best friend ○ VulnHub ● Try free CTFs ● Twitter!
  28. ? Chris Truncer ○ @ChrisTruncer