General types of threats includes social engineering/human (corporate/personal manipulation, bogus e-mails, physical intrusion, media dropping, phone calls, conversation, role playing), electronic (application and business logic attacks, software vulnerability exploitation, ...), physical (break-in, theft, physical access, physical manipulation, violence), and malfunction/inherent (business logic flaws, software glitches, software coding holes/exploits, process breakdown, act of god/war/terrorism disruption, intended backdoors) and a red team test should cover them all.

Why red teaming?

How do you know you can put up a fight if you have never taken a punch?

Red teaming process: Information Gathering -> Vulnerability Analysis -> Target Selection -> Planning -> Executing the Attack -> Back to step 1

Process of Attack

• Information Gathering: Research methods and useful information (spend most time here)
• Vulnerability Analysis: Internal/external/hired/personal
• Target Selection: Internal/external/hired/personal
• Planning: Plan a, b, e, d, pie
• Executing the Attack: Getting what you need and getting out.  Not getting greedy.  Getting out cleanly.

Corporate Attack Approach

• External Direct: server/app attack
• External Indirect: client side/phishing/phone calls
• Internal Indirect: key/cd drops/propaganda/creating a spy
• Internal Direct: social/electronic/physical/blended
• Exotic Attacks: environment manipulation (pulling the fire alarm, etc to move people)

Information Gathering Tools

• Maltego: The best attacks from the best intel (gives a graphical view of how all of the information interacts)
• Metagoofil: Yer Dox on the net have Infos (Extracts information from internet documents)
• Clez.net (External Profiling)
• CentralOps.net (Network Profiling)
• Robtex (Server Profiling)
• Touchgraph (Show business relationships and links)
• ServerSniff (Get tons of webserver specific info and verification)
• Netcraft (usage info)
• DomainTools (Domain info)
• MySpace/Friendster/Twitter (know ya enemy)

Onsite Tools

• BootRoot/SysReQ
• Ophcrack Live
• Helix/Backtrack
• Core Impact
• FireWire PCMCIA Card + Winlockpwn = Unlock
• Switchblade + Hacksaw + U3 drive
• Elite Keylogger
• WRT + Metasploit = Cheap leave behind

Other Fun Toys Onsite

• FlexiSpy (installs image on cell phone to read SMS, listen to phone calls, etc)
• Pen cams
• USB cams
• Cell phone jammers

All of these different methods to test front/back/side doors don't rule out the low tech attacks.  You could spend a million dollars to prevent someone from hacking the server and they could just walk in the front door and take it.  A really good talk by a guy who really knows his stuff and the only talk I've seen so far at the conference that wasn't specifically about technical vulnerabilities.