From: redteam@all.net
Reply-to: redteam@all.net
Organization: Red Team Mailing List
Subject: RedTeam Mailing List 1999-06-15
<pre>---------------------------------------------
From: "Kunz, Peter" <Peter.Kunz@sisclear.com>
Subject: AW: RedTeam Mailing List 1999-06-13
Date: Mon, 14 Jun 1999 15:08:20 +0200


Due to current personal interest/thesis work, I'd be interested in Red
Team/Penetration Testing best practices. Any pointers or is this the trade
secret of the performing company?

> Date: Sun, 13 Jun 1999 08:38:26 -0500
> From: "Ralph E. Wasmer Jr." <wazzer@flinthills.com>
> Subject: Red team training and professional development
> Status: O
> 
> It seems that is in no clear career path, and set training methods.
> 
> Say that some one wants to do Read Teaming?  How do you start?  What do
> you
> do? Where can you find a job doing this.
> 
> I would like to open a discussion on this, with some questions.
> 
> 1) Given you want to do this, what is the first step
> 
> 2) Where do you get the resources? Find the folks who know?
> 

	[Kunz, Peter]  Locally in Europe, Price Waterhouse Coopers is running
job ads, looking for ETHICAL HACKERS. You have to bring along technical
understanding, they teach you the tricks of the trade. So, you could start
out with a big 5 setup and get basic training, then move on to a real pro
who'll teach you even more. The basic problem is, though, that the candidate
must have the appropriate mindset and awareness of the issues of INFOSEC.
Otherwise, you could just hand a checklist to Average Joe.
	There's lots of basic knowledge and some how-tos and how-dont's on
the net. The hard part is learening the technical intricacies of systems.
That can only be achived in several years hardcore system-level work, IMHO.
	Running ISS against a system isn't really rocket science. Finding
weaknesses in the architecture is.

	cu
	-pete
---------------------------------------------
Date: Mon, 14 Jun 1999 09:01:20 -0700 (PDT)
From: Tobias Kohlenberg <tkohlenb@reed.edu>
Subject: Re: RedTeam Mailing List 1999-06-13

On Sun, 13 Jun 1999 redteam@all.net wrote:

> From: "Ralph E. Wasmer Jr." <wazzer@flinthills.com>
> Subject: Red team training and professional development

This is actually an issue I have been discussing with various people in
the PacNW for a while now. The problem being that finding people who have
security skills can be difficult and getting those skills can be even
harder. The solutions that are being worked on around here are
certification/degree programs for Information Security. I can go into more
detail via private email if anyone is interested.

Toby Kohlenberg
---------------------------------------------
[Editor's note:

The University of New Haven is now offering on-line information security
courses that include learning how systems are attacked and defended. The
next course starts July 5. See:

http://www.newhaven.edu/california

for details.

ALSO...

The CSI conference this week (www.gocsi.com) had an excellent
demonstration of 'extreme hacking'.  You can order the tapes and
viewgraphs from CSI and this would be a good place to start with some of
the specifics of attack and defense of relatively weak systems today.

FC]

---------------------------------------------