Lares In Action: Experience
Streaming Media
International Airport
The Lares engineers were engaged to conduct social engineering for a
major international airport during a blended threat assessment. Engineers were successful
in social engineering their way into secured office areas. Once inside, the engineers crawled
above the ceiling tiles to access the secure server room next door as well as the engineering
level above the main floor of the terminal building. From here engineers were able to
control video surveillance, electricity, ventilation systems, and phone systems in their
entirety.
Once this compromise had occurred, engineers proceeded to the Baggage Claim
area where an information computer kiosk was stationed. Engineers picked the lock on the
kiosk, removed the mouse and keyboard from inside, and after breaking out of the
"informational" application, used the computer to download hacking utilities from the
internet and had complete control of the internal network systems within 30 minutes. This
all occurred on a Sunday during the day (one of the busiest travel days for an international
airport).
Engineers were only confronted once while hacking from the kiosk, and responded
to the employee that a "security assessment" was being performed. No badges were visible
on either engineer, and the employee was convinced after a five-minute conversation that
everything was OK and no security was notified. It is important to note that all of this
occurred on the day the threat level was raised to "orange" (September of 2006).
Car Dealership
Engineers were engaged to test the security of Symbolic Motors, an exotic car
dealership located in La Jolla, California. In this episode, the Tiger Team employs two distinct
social engineering attacks, one rogue wireless access point attack, and a complex physical
attack to gain unabated access to sensitive customer information and millions of dollars' worth
of cars on the showroom floor.
Custom Jeweler
Engineers were engaged to test the security of Jason of Beverly Hills, a custom
jeweler located in Beverly Hills, California. In this episode, the Tiger Team employs a social
engineering attack, an RFID cloning attack, a complex physical attack, and a safe-cracking
attack to gain access to millions of dollars' worth of precious gems and sensitive customer
information.
NOTE: Lares Consulting will not engage in or conduct exercises that will endanger human life or safety,
or that are deemed illegal by local, state, or federal laws. Lares Consulting requires a signed letter of
permission to be carried on the engineer's body at all times during testing efforts.
Denver KHOW AM: MP3 Download
Exoticliability: Podcast
Publication and Speaking Engagements
Publications
Aggressive Network Self Defense
Contributing writer to COBIT
Contributing writer to ISO17799, and one of fewer than 1000 certified auditors of ISO17799 (international standards for security best practices).
Author of multiple national / international security awareness training programs
Speaking Engagements
The Lares engineers are engaged to present as keynote speakers on security topics such as blended
threat, compliance/regulations, and best practices for worldwide audiences. Currently, the team
averages three speaking engagements per month. A sample of the recurring conferences the team
has participated in includes:
DefCon (Worldwide Hacking Convention)
OWASP
SANS
BruCon
ISACA/ISSA
ShmooCon
PHNeutral
DarkReading
Security B-Sides
ChicagoCon (Keynote)
EthicalHacker.net
White Hat World
BlackHat (Worldwide Technical Security Conference)
Hackerfest (Security Summit for Upstate New York)
Monthly engagements include organizations such as IDG and Security Focus.
Press Articles
Forbes: http://www.forbes.com/businesswire/feeds/businesswire/2007/12/21/businesswire20071221005497r1.html
Chicago Tribune: http://www.chicagotribune.com/business/chitue_outlook_tech_0101jan01,0,5751353.story
Wikipedia: http://en.wikipedia.org/wiki/Tiger_Team_(TV_series)
Wired: http://blog.wired.com/geekdad/2007/12/hackers-on-cour.html
Gizmondo: http://feeds.feedburner.com/r/boingboing/iBag/3/206371719/it-securitythemed-se.html
The Peter Boyles Show: http://www.khow.com/cc-common/podcast/single_podcast.html?podcast=fullshow_boyles.xml