Nationaal Cyber Security Centrum - Ministerie van Veiligheid en Justitie

Red Team Testing by Ian Amit and Chris Nickerson (€ 600)

Training description

The term originated within the military to describe a team whose purpose is to penetrate security of "friendly" installations, and thus test their security measures. The members are professionals who install evidence of their success, e.g. leave cardboard signs saying "bomb" in critical defense installations, hand-lettered notes saying that “your codebooks have been stolen" (they usually have not been) inside safes, etc. Sometimes, after a successful penetration, a high-ranking security person will show up later for a "security review," and "find" the evidence. 

Now, the term became popular in the Information Security industry, where the security of computer systems is often tested by specialized teams called  “Red Teams”. The core purpose of these teams and their subsequent tests are to model the business for critical assets, and then imitate a fully motivated and funded adversarial attack. This provides the Blue Team (Defending organization) the ability to experience a broad spectrum of attacks ranging from Physical to Social to Electronic. In addition, this exercise tests the Incident response capabilities of an organization in real time. The output from these tests will provide real world comprehensive assessment of the security program and give feedback on improving both Defensive and Operational capabilities.

>> This is NOT a tools course
>> Becoming proficient in Red Teaming is NOT something that can be taught only in a classroom. We will have multiple field exercises
>> This course will go over some of the tools and methods you MAY use in a Red Team assessment. Feel free to come up with your own styles.
>> You will learn the basics of How to profile attackers and Use your imagination to become one.
>> Learn to act like a viable adversary of the target
>> Learn to analyze the security processes and technologies that are in place
>> Using what you observe to take advantage of what others have missed, to blend Electronic, Social and Physical security into a converged attack surface

Other training sessions

Pentesting Web Applications by Raul Siles (€ 600)

SHODAN by Eireann Leverett (€ 600)

Taranis by NCSC (€ 150)