![Page 1: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/1.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
Hacking for your Security - Penetration Testing
Claus R. F. Overbeck - RedTeam Pentesting [email protected]
http://www.redteam-pentesting.de
November 6th, 2009Entrepreneurial Marketing, RWTH Aachen, WIN
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 2: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/2.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
Agenda
1 RedTeam Pentesting, Dates and Facts
2 What is a Pentest
3 The Foundation Story
4 Marketing at RedTeam Pentesting
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 3: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/3.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
RedTeam Pentesting, Dates and Facts
F Founded in 2004
F Specialisation exclusively onpenetration tests
F 8 penetration testers
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 4: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/4.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
”Laptop: a portable microcomputer having its maincomponents (as processor, keyboard, and display screen)integrated into a single unit capable of battery-poweredoperation”
(merriam-webster.com - Merriam Webster Online)
”Laptop: A computer designed to allow employees toeasily store vast amounts of customer data in thebackseat of a taxicab”
(The Devil’s Infosec Dictionary)
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 5: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/5.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
”Laptop: a portable microcomputer having its maincomponents (as processor, keyboard, and display screen)integrated into a single unit capable of battery-poweredoperation”
(merriam-webster.com - Merriam Webster Online)
”Laptop: A computer designed to allow employees toeasily store vast amounts of customer data in thebackseat of a taxicab”
(The Devil’s Infosec Dictionary)
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 6: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/6.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
What is a Pentest?
F Attacking a network or product with the owner’s consent
F Question: How deeply can a real attacker penetrate thesecurity?
F Same methods as the “bad guys”
F Conducted from the attacker’s perspective
F Individualised search of security vulnerabilities by experts
F Detailed documentation from the beginning
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 7: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/7.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
RWTH Research Group “RedTeam”
F Founded December 2004 at theRWTH Aachen University
F Research group at the chair ofDependable Distributed Systems(Prof. Felix Freiling)
F All participants in the group alreadyhave many years of experience in ITsecurity
F Research question: How to conductefficient penetration tests resulting inthe highest benefit for the client
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 8: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/8.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
RWTH Research Group “RedTeam”
F The research group is informally calledRed Team: a term describing theopposing force in military simulations
F First pentests of chairs at the RWTH(free of charge)
F Many are shocked how vulnerable theyare
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 9: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/9.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
RWTH Research Group “RedTeam”
F The methodology used in the pentestsis positively received
F The word spreads that “RedTeam”identifies security weaknesses ofpractical relevance in a short time
F Parallel research of securityvulnerabilities generates the first presscoverage: ITAN
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 10: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/10.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
RWTH Research Group “RedTeam”
F The interest in RedTeam’s workremains high
F Prospective customers are willing topay for the service
F In the middle of 2005: the chair movesto the University of Mannheim
F RedTeam has two choices: either quitor start a company
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 11: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/11.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
RedTeam Pentesting
F The problem: an adequate legal form
F Risk of liability
F Founding a company takes time RedTeam does not have⇒ Nomis Development GmbH lets RedTeam work as anindependent divison
F Needs an official name, “RedTeam” is too generic⇒ The new name: RedTeam Pentesting
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 12: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/12.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
Financing
F The next issue: How to finance the new companyF RedTeam Pentesting’s advantage: no need to finance anything
in advanceF No machinesF No producer goodsF No suppliersF (Almost) no external service providers
F Pentests belong to the service sector
F Most valuable assets of the company: Its employees⇒ Intellectual work
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 13: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/13.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
Financing
F Biggest costs at the beginning:F Fixed costs for rent, telephone, internet. . .F Travel costs
F Later: Salaries. Good people in IT security are rare
F Financing of the first months is covered from payed workduring the time at the RWTH
F No need for Venture Capital, EU Fundings etc.⇒ No dependencies, no expectations, no regulations
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 14: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/14.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
Technology Centre Aachen
In late 2005, the first offices at the TZA are rented
F Focus on technology-oriented companies
F Inexpensive rent
F Availability of small offices
F Flexible (even with unusual demands)
F Direct access by autobahnF Already existing infrastructure:
F ReceptionF CafeteriaF Conference roomsF Site security in the evening/night
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 15: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/15.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
RedTeam Pentesting GmbH
F The trademark RedTeam Pentesting getsmore and more established
F RedTeam Pentesting starts its owncompany in parallel to its day-to-daybusiness
F RedTeam Pentesting GmbH is in thecourse of formation as of December 2006
F Fully established as of January 1st, 2007
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 16: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/16.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
RedTeam Pentesting GmbH Today
F Working worldwide
F Medium to large companies andinternational corporations
F Small companies with special securityinterests
F Branches of trade: industry, banks andinsurance companies, trading business,operators of data centers, publicadministration...
F Press coverage in online and print media,radio and TV
F Expanded to bigger offices at the TZA
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 17: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/17.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
What is Marketing?
F Who is your customer?
F What does she want/need?
F Design your product/service to your customer’s needs.
F Communicate the value of your product/service to yourcustomer.
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 18: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/18.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
RedTeam Pentesting
F Seriousness
F Specialisation exclusively on penetration tests
F Teamwork
F Discretion
F Transfer of know-how
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing
![Page 19: Hacking for your Security - Penetration Testing · PDF fileRedTeam Pentesting, Dates and Facts What is a Pentest The Foundation Story Marketing at RedTeam Pentesting Hacking for your](https://reader033.vdocuments.us/reader033/viewer/2022052419/5a72424b7f8b9ab6538d5181/html5/thumbnails/19.jpg)
RedTeam Pentesting, Dates and FactsWhat is a Pentest
The Foundation StoryMarketing at RedTeam Pentesting
Thank you for listening. Questions?
Claus R. F. Overbeck - RedTeam Pentesting GmbH Hacking for your Security - Penetration Testing