pen testing, red teaming, and more
Pen Testing, Red Teaming, and More
@ChrisTruncer
What’s this talk about?
● Who I am
● How I got started in the industry
● What is “red teaming” and/or “pen testing”
● Different Offensive Jobs
● Where is the field going?
● How to learn and get your foot in the door
● Questions
uid=0(@ChrisTruncer)
● Christopher Truncer (@ChrisTruncer)
  ○ Hacker
  ○ Open Source Software Developer
    ■ Veil Framework Developer
  ○ Florida State Seminole
  ○ Random certs… blah
● Red Teamer and Pen Tester for Mandiant
How I Started
● College
  ○ College computer security class
  ○ Hack my roommate
    ■ “Wow, hacking is real”
  ○ Took a security class
  ○ Decided this is what I wanted to do
    ■ …. is this even a job?
How I Started
● Start off in a technical role
  ○ Wanted to get a technical foundation before moving into security
● First job, not what I wanted
● Became a Sys Admin at Northrop Grumman
  ○ Stayed for about 2 years
● Began my plunge into security, and haven’t looked back
What is Penetration Testing or Red Teaming?
Different Job Descriptions
● Vulnerability Assessment/Assessor
● Penetration Tester
● Red Teamer
● Exploit Developer
Vulnerability Assessment/Assessor
But that’s it…Kind of boring right?
Penetration Tester
Red Teaming is a little different, but similar
Red Teaming == Objective-Based Adversary Emulation
Pen Testing/Red Teaming Career Paths
Tale of Two Tracks
● All team members will typically start in a general pen testing position
● With experience, you will typically specialize
  ○ Red Team? Web Apps? Thick Clients?
● After specialization, two main tracks exist
  ○ Technical Track
  ○ Management Track
Tale of Two Tracks
● Technical
  ○ Performing research, or concentrating on leading technical challenges
    ■ Tech SME
  ○ Live and die by your own sword
● Management
  ○ Lead teams running assessments
  ○ Could stay technical… “It depends”
Tale of Two Tracks
● Both tracks have their pros and cons
● Honestly, just figure out what you love to do
  ○ It’s what the beginning stage of pen testing is designed to let you do
● Find your passion in this, and go for it
  ○ This field is filled by people who LOVE what they do
Exploit Developer
Exploit Developer
● Typically not on Ops
  ○ Not on keyboard
● Performing research on various technologies
  ○ Predominantly includes low-level analysis
    ■ Be very comfortable in a debugger and decompiler
    ■ Understand the basics of exploitation
      ● Buffer overflows, SEH overwrites, egghunters, etc.
Exploit Developer
● This can be really fun and rewarding
  ○ Perfect for people who really like taking apart puzzles and finding holes
  ○ Can be VERY time consuming - might take 6 months of research to find a vuln you can exploit
  ○ Might not find a vulnerability
  ○ Make a lot of money
Where is OffSec Going?
Where’s the field going
● Pen Testing and Red Teaming is relying less on technology, and more on people
  ○ Human error is easiest to exploit
    ■ Layoff Example
  ○ Misconfigurations/Poor configurations are what we look for now
    ■ User-Hunting
  ○ This is likely the way forward
Where’s the field going
● Exploitation is getting harder to do
  ○ Defensive technologies are making life hard
    ■ Used to see lots of exploits, post Win 7 -> not as much
  ○ Not many companies are offering pure exploit development positions
    ■ Government positions
    ■ Third party companies
Certifications
● They can be… ok..
  ○ Sometimes needed to help get past HR
  ○ They are NOT a sign of competency
● Best certs, look at Offensive Security
  ○ OSCP - Pen Testing
  ○ OSCE - Exploit Development
● This style of certifications demonstrates knowledge and is respected
What I wish I knew
● Be prepared to be uncomfortable at times
  ○ Always in a new environment with new “stuff” and you’re expected to break it
  ○ Perk of the job too :)
● Build your process
  ○ Learn how you best approach networks, web apps, etc.
  ○ Use this to face what you don’t know
Get Into Coding
● Learning to code/script will be invaluable
  ○ Add functionality, or write your own tools
  ○ Manipulate large data sets
  ○ Nearly a requirement to be successful
Where to start coding?
● Pick a language to learn
  ○ Windows -> Powershell
  ○ Linux -> Bash, Python, or Ruby
● Find something tedious
  ○ Automate it!
How to Learn
● Go to security conferences!
  ○ Might be anywhere from $10 - $300
  ○ BSides Conferences are local and almost always free, or super cheap
● Build your own lab
  ○ VMWare is your best friend
  ○ VulnHub
● Try free CTFs
● Twitter!
?
Chris Truncer
  ○ @ChrisTruncer
  ○ [email protected]
  ○ https://www.christophertruncer.com
  ○ https://github.com/ChrisTruncer