NCC Group Open Forum

This quarter we will be focusing on Red Team scenarios with a little Blue Team thrown in as well.

Dirty Red Team Tactics

By: Summer Lee (crazian) / Senior Security Consultant at GuidePoint Security

Summary: The mantra of any good red teamer is, “hope for the best, but plan for the worst.” In this talk, you will learn tactics to achieve client goals and successfully provide value even when going in cold.

About the Speaker: Summer Lee (crazian) is part of the Threat & Attack Simulation (TAS) team for GuidePoint Security. She started using social engineer tactics at a very young age which led her to have a special interest in physical Red Team engagements. Crazian is an Army veteran who has been active in the Austin infosec community since 2014 including AHA, Longhorn Lockpicking, OWASP Austin Chapter, and ATX2600. She is also a mentor for the RRISD CyberPatriots and various CCDC competitions. When she's not talking infosec, she can be found playing tabletop and video games.

Red Team vs Blue Team

By: Damian Archer, Manuel Philipose, Joey Victorino, and Danny Aga

Summary: A team of NCC Group consultants will discuss techniques that are commonly utilized as part of Red and Blue Team assessments. The presentation will aim to address areas of attack, detection and include simple improvement that can be made to improve defensive capabilities.

About the Speakers:

• Damian Archer is a Regional Director at NCC Group where he applies his knowledge of information security to numerous clients throughout a variety of industries. Damian has been in the security industry for over a decade carrying out various types of security assessment for some of the biggest organizations on the planet. Damian has been integral part of many assessments for clients who required a ‘real-world’ attack simulation. This involves carrying out a complete assessment of organizational security from the point-of-view of a real world attack group.

Manuel Philipose is a Security Consultant at NCC Group where he has led and participated in several projects related to testing networks and web applications. Manuel is also an Offensive Security Certified Professional (OSCP). Previously, Manuel has worked for L-3 Communications, National Instruments and three research labs related to bioinformatics, robotics, and security. Manuel completed his Bachelor's of Science in Electrical Engineering at The University of Texas at Austin in May of 2015.

• Joey Victorino is a Security Consultant with NCC Group and has participated in several projects related to digital forensics and incident response. Previously, Joey has worked for Cisco Systems, Volusion and several other Fortune 500 companies in information security. Joey has a Masters of Science in Cybersecurity and Information Assurance from Western Governors University. During his time at Volusion, Joey ran multiple security programs, and drove internal teams to provide timely resolutions to potential system or process issues that were identified.

• Danny Aga is a Security Consultant at NCC Group and focuses on Digital Forensics and Incident Response in NCC's Security Defense Operations Group. Danny has worked as a Forensics and eDiscovery Consultant for 12 years prior to joining NCC. Many of his recent projects have revolved around compromise assessments and incident response readiness consulting, including the auditing aspects of Purple Team engagements.