Title: Next Generation Red Teaming.
Abstract: Too often organizations conduct assessments within a vacuum: physical, network, social, or application-layer. Attackers do not confine themselves similarly and avail themselves of whatever combination of techniques most effectively achieves their desired impact. Red team assessments aim to simulate these attacks more realistically and identify risk through composite, cross-domain attack vectors. This talk will cover several shortcomings with the current "model" of red teaming across the industry and how we can more effectively incorporate the application-specific attack surface into a red team effort. War stories will be shared to show the effectiveness of application-centric composite attacks in this new approach.
Speaker: Robert Wood
Bio: Robert Wood is currently acting as the red team Practice Director, leading the process development and execution of all red team assessments. Robert has worked with a number of clients spanning from Fortune 100 financial institutions to gaming companies providing software security services at every stage in the SDLC. Prior to Cigital, Robert worked for Secure Network Technologies where he developed the mobile forensic investigation practice and focused his penetration testing efforts on red teaming and network security assessments.