Planning Effective Red Team Exercises

Presented at BSidesSF 2016, Feb. 29, 2016, 1 p.m. (55 minutes)

An effective red team exercise is substantially different from a penetration test, and it should be chartered differently as well. The scenario, objective, scope, and rules of engagement all need to be positioned correctly at the beginning in order to most closely simulate a real adversary and provide maximum value to the client.

In this presentation, we'll review best practices in each of these areas, distilled from conducting dozens of successful red team exercises - along with some war stories highlighting why each element matters. Those in offensive security will gain an understanding of how to manage the client's expectations for this process, and how to guide them towards an engagement that provides a realistic measurement of their ability to prevent, detect, and respond to real attacks. Those in enterprise security will gain a deeper understanding of this style of assessment, and how to work with a red team to drive real improvement in their security programs.


Presenters:

  • Sean T. Malone - Director - FusionX
    Sean Malone has conducted full real-world red team attacks against dozens of different organizations. He knows how the adversary thinks and operates, because he has been that adversary countless times in his work as a consultant. Sean works with these organizations to improve their security far beyond check-box requirements and compliance minimums. His reshaping of enterprise security architecture consistently results in significantly decreased attacker success rates. This comprehensive knowledge of an attacker's mindset, combined with his in-depth understanding of the landscape of a corporate security environment, leaves him uniquely suited to design and implement effective security programs for any corporation. Sean is a Director at FusionX and is currently looking for people to join the FusionX red team.
