{"id":110,"date":"2008-09-25T08:45:09","date_gmt":"2008-09-25T13:45:09","guid":{"rendered":"http:\/\/www.webadminblog.com\/?p=110"},"modified":"2008-09-25T08:45:09","modified_gmt":"2008-09-25T13:45:09","slug":"tiger-team-appsec-projects-owasp-appsec-nyc-2008","status":"publish","type":"post","link":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/25\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\/","title":{"rendered":"Tiger Team &#8211; AppSec Projects &#8211; OWASP AppSec NYC 2008"},"content":{"rendered":"<p>This presentation was by Chris Nickerson, founder of Lares Consulting, and the goal was to talk about the use of layered attacks.<\/p>\n<p>General types of threats includes social engineering\/human (corporate\/personal manipulation, bogus e-mails, physical intrusion, media dropping, phone calls, conversation, role playing), electronic (application and business logic attacks, software vulnerability exploitation, &#8230;), physical (break-in, theft, physical access, physical manipulation, violence), and malfunction\/inherent (business logic flaws, software glitches, software coding holes\/exploits, process breakdown, act of god\/war\/terrorism disruption, intended backdoors) and a red team test should cover them all.<\/p>\n<p>Why red teaming?<\/p>\n<blockquote><p>How do you know you can put up a fight if you have never taken a punch?<\/p><\/blockquote>\n<p>Red teaming process: Information Gathering -&gt; Vulnerability Analysis -&gt; Target Selection -&gt; Planning -&gt; Executing the Attack -&gt; Back to step 1<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Process of Attack<\/strong><\/span><\/p>\n<ul>\n<li><strong>Information Gathering:<\/strong> Research methods and useful information (spend most time here)<\/li>\n<li><strong>Vulnerability Analysis:<\/strong> Internal\/external\/hired\/personal<\/li>\n<li><strong>Target Selection:<\/strong> Internal\/external\/hired\/personal<\/li>\n<li><strong>Planning:<\/strong> Plan a, b, e, d, pie<\/li>\n<li><strong>Executing the Attack:<\/strong> Getting what you need and getting out.\u00a0 Not getting greedy.\u00a0 Getting out cleanly.<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Corporate Attack Approach<\/strong><\/span><\/p>\n<ul>\n<li><strong>External Direct:<\/strong> server\/app attack<\/li>\n<li><strong>External Indirect:<\/strong> client side\/phishing\/phone calls<\/li>\n<li><strong>Internal Indirect:<\/strong> key\/cd drops\/propaganda\/creating a spy<\/li>\n<li><strong>Internal Direct:<\/strong> social\/electronic\/physical\/blended<\/li>\n<li><strong>Exotic Attacks<\/strong>: environment manipulation (pulling the fire alarm, etc to move people)<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Information Gathering Tools<\/strong><\/span><\/p>\n<ul>\n<li>Maltego: The best attacks from the best intel (gives a graphical view of how all of the information interacts)<\/li>\n<li>Metagoofil: Yer Dox on the net have Infos (Extracts information from internet documents)<\/li>\n<li>Clez.net (External Profiling)<\/li>\n<li>CentralOps.net (Network Profiling)<\/li>\n<li>Robtex (Server Profiling)<\/li>\n<li>Touchgraph (Show business relationships and links)<\/li>\n<li>ServerSniff (Get tons of webserver specific info and verification)<\/li>\n<li>Netcraft (usage info)<\/li>\n<li>DomainTools (Domain info)<\/li>\n<li>MySpace\/Friendster\/Twitter (know ya enemy)<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Onsite Tools<\/strong><\/span><\/p>\n<ul>\n<li>BootRoot\/SysReQ<\/li>\n<li>Ophcrack Live<\/li>\n<li>Helix\/Backtrack<\/li>\n<li>Core Impact<\/li>\n<li>FireWire PCMCIA Card + Winlockpwn = Unlock<\/li>\n<li>Switchblade + Hacksaw + U3 drive<\/li>\n<li>Elite Keylogger<\/li>\n<li>WRT + Metasploit = Cheap leave behind<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Other Fun Toys Onsite<\/strong><\/span><\/p>\n<ul>\n<li>FlexiSpy (installs image on cell phone to read SMS, listen to phone calls, etc)<\/li>\n<li>Pen cams<\/li>\n<li>USB cams<\/li>\n<li>Cell phone jammers<\/li>\n<\/ul>\n<p>All of these different methods to test front\/back\/side doors don&#8217;t rule out the low tech attacks.\u00a0 You could spend a million dollars to prevent someone from hacking the server and they could just walk in the front door and take it.\u00a0 A really good talk by a guy who really knows his stuff and the only talk I&#8217;ve seen so far at the conference that wasn&#8217;t specifically about technical vulnerabilities.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This presentation was by Chris Nickerson, founder of Lares Consulting, and the goal was to talk about the use of layered attacks. General types of threats includes social engineering\/human (corporate\/personal manipulation, bogus e-mails, physical intrusion, media dropping, phone calls, conversation, role playing), electronic (application and business logic attacks, software vulnerability exploitation, &#8230;), physical (break-in, theft, [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[127,4],"tags":[76,128,12,167,622,166,165],"class_list":["post-110","post","type-post","status-publish","format-standard","hentry","category-owasp-appsec-nyc-2008","category-web-app-sec","tag-application","tag-appsec","tag-owasp","tag-projects","tag-security","tag-team","tag-tiger"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.10 - aioseo.com -->\n\t<meta name=\"description\" content=\"This presentation was by Chris Nickerson, founder of Lares Consulting, and the goal was to talk about the use of layered attacks. General types of threats includes social engineering\/human (corporate\/personal manipulation, bogus e-mails, physical intrusion, media dropping, phone calls, conversation, role playing), electronic (application and business logic attacks, software vulnerability exploitation, ...), physical (break-in, theft,\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Josh\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/25\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.10\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Web Admin Blog | Real Web Admins.  Real World Experience.\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Tiger Team \u2013 AppSec Projects \u2013 OWASP AppSec NYC 2008 | Web Admin Blog\" \/>\n\t\t<meta property=\"og:description\" content=\"This presentation was by Chris Nickerson, founder of Lares Consulting, and the goal was to talk about the use of layered attacks. General types of threats includes social engineering\/human (corporate\/personal manipulation, bogus e-mails, physical intrusion, media dropping, phone calls, conversation, role playing), electronic (application and business logic attacks, software vulnerability exploitation, ...), physical (break-in, theft,\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/25\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\/\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2008-09-25T13:45:09+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2008-09-25T13:45:09+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Tiger Team \u2013 AppSec Projects \u2013 OWASP AppSec NYC 2008 | Web Admin Blog\" \/>\n\t\t<meta name=\"twitter:description\" content=\"This presentation was by Chris Nickerson, founder of Lares Consulting, and the goal was to talk about the use of layered attacks. General types of threats includes social engineering\/human (corporate\/personal manipulation, bogus e-mails, physical intrusion, media dropping, phone calls, conversation, role playing), electronic (application and business logic attacks, software vulnerability exploitation, ...), physical (break-in, theft,\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/25\\\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\\\/#article\",\"name\":\"Tiger Team \\u2013 AppSec Projects \\u2013 OWASP AppSec NYC 2008 | Web Admin Blog\",\"headline\":\"Tiger Team &#8211; AppSec Projects &#8211; OWASP AppSec NYC 2008\",\"author\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#organization\"},\"datePublished\":\"2008-09-25T08:45:09-05:00\",\"dateModified\":\"2008-09-25T08:45:09-05:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/25\\\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/25\\\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\\\/#webpage\"},\"articleSection\":\"OWASP AppSec NYC 2008, Web Application Security, application, appsec, owasp, projects, Security, team, tiger\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/25\\\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.webadminblog.com\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/security\\\/#listItem\",\"name\":\"Security\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/security\\\/#listItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/security\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/security\\\/web-app-sec\\\/#listItem\",\"name\":\"Web Application Security\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/security\\\/web-app-sec\\\/#listItem\",\"position\":3,\"name\":\"Web Application Security\",\"item\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/security\\\/web-app-sec\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/25\\\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\\\/#listItem\",\"name\":\"Tiger Team &#8211; AppSec Projects &#8211; OWASP AppSec NYC 2008\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/security\\\/#listItem\",\"name\":\"Security\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/25\\\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\\\/#listItem\",\"position\":4,\"name\":\"Tiger Team &#8211; AppSec Projects &#8211; OWASP AppSec NYC 2008\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/security\\\/web-app-sec\\\/#listItem\",\"name\":\"Web Application Security\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#organization\",\"name\":\"Web Admin Blog\",\"description\":\"Real Web Admins.  Real World Experience.\",\"url\":\"https:\\\/\\\/www.webadminblog.com\\\/\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/#author\",\"url\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/\",\"name\":\"Josh\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/25\\\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/17951f69795527f90a4e9cb75ad6c9b3?s=96&d=identicon&r=pg\",\"width\":96,\"height\":96,\"caption\":\"Josh\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/25\\\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\\\/#webpage\",\"url\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/25\\\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\\\/\",\"name\":\"Tiger Team \\u2013 AppSec Projects \\u2013 OWASP AppSec NYC 2008 | Web Admin Blog\",\"description\":\"This presentation was by Chris Nickerson, founder of Lares Consulting, and the goal was to talk about the use of layered attacks. General types of threats includes social engineering\\\/human (corporate\\\/personal manipulation, bogus e-mails, physical intrusion, media dropping, phone calls, conversation, role playing), electronic (application and business logic attacks, software vulnerability exploitation, ...), physical (break-in, theft,\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/25\\\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/#author\"},\"datePublished\":\"2008-09-25T08:45:09-05:00\",\"dateModified\":\"2008-09-25T08:45:09-05:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#website\",\"url\":\"https:\\\/\\\/www.webadminblog.com\\\/\",\"name\":\"Web Admin Blog\",\"description\":\"Real Web Admins.  Real World Experience.\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Tiger Team \u2013 AppSec Projects \u2013 OWASP AppSec NYC 2008 | Web Admin Blog","description":"This presentation was by Chris Nickerson, founder of Lares Consulting, and the goal was to talk about the use of layered attacks. General types of threats includes social engineering\/human (corporate\/personal manipulation, bogus e-mails, physical intrusion, media dropping, phone calls, conversation, role playing), electronic (application and business logic attacks, software vulnerability exploitation, ...), physical (break-in, theft,","canonical_url":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/25\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/25\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\/#article","name":"Tiger Team \u2013 AppSec Projects \u2013 OWASP AppSec NYC 2008 | Web Admin Blog","headline":"Tiger Team &#8211; AppSec Projects &#8211; OWASP AppSec NYC 2008","author":{"@id":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/#author"},"publisher":{"@id":"https:\/\/www.webadminblog.com\/#organization"},"datePublished":"2008-09-25T08:45:09-05:00","dateModified":"2008-09-25T08:45:09-05:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/25\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\/#webpage"},"isPartOf":{"@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/25\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\/#webpage"},"articleSection":"OWASP AppSec NYC 2008, Web Application Security, application, appsec, owasp, projects, Security, team, tiger"},{"@type":"BreadcrumbList","@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/25\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com#listItem","position":1,"name":"Home","item":"https:\/\/www.webadminblog.com","nextItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/security\/#listItem","name":"Security"}},{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/security\/#listItem","position":2,"name":"Security","item":"https:\/\/www.webadminblog.com\/index.php\/category\/security\/","nextItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/security\/web-app-sec\/#listItem","name":"Web Application Security"},"previousItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/security\/web-app-sec\/#listItem","position":3,"name":"Web Application Security","item":"https:\/\/www.webadminblog.com\/index.php\/category\/security\/web-app-sec\/","nextItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/25\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\/#listItem","name":"Tiger Team &#8211; AppSec Projects &#8211; OWASP AppSec NYC 2008"},"previousItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/security\/#listItem","name":"Security"}},{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/25\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\/#listItem","position":4,"name":"Tiger Team &#8211; AppSec Projects &#8211; OWASP AppSec NYC 2008","previousItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/security\/web-app-sec\/#listItem","name":"Web Application Security"}}]},{"@type":"Organization","@id":"https:\/\/www.webadminblog.com\/#organization","name":"Web Admin Blog","description":"Real Web Admins.  Real World Experience.","url":"https:\/\/www.webadminblog.com\/"},{"@type":"Person","@id":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/#author","url":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/","name":"Josh","image":{"@type":"ImageObject","@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/25\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/17951f69795527f90a4e9cb75ad6c9b3?s=96&d=identicon&r=pg","width":96,"height":96,"caption":"Josh"}},{"@type":"WebPage","@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/25\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\/#webpage","url":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/25\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\/","name":"Tiger Team \u2013 AppSec Projects \u2013 OWASP AppSec NYC 2008 | Web Admin Blog","description":"This presentation was by Chris Nickerson, founder of Lares Consulting, and the goal was to talk about the use of layered attacks. General types of threats includes social engineering\/human (corporate\/personal manipulation, bogus e-mails, physical intrusion, media dropping, phone calls, conversation, role playing), electronic (application and business logic attacks, software vulnerability exploitation, ...), physical (break-in, theft,","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/www.webadminblog.com\/#website"},"breadcrumb":{"@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/25\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\/#breadcrumblist"},"author":{"@id":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/#author"},"creator":{"@id":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/#author"},"datePublished":"2008-09-25T08:45:09-05:00","dateModified":"2008-09-25T08:45:09-05:00"},{"@type":"WebSite","@id":"https:\/\/www.webadminblog.com\/#website","url":"https:\/\/www.webadminblog.com\/","name":"Web Admin Blog","description":"Real Web Admins.  Real World Experience.","inLanguage":"en-US","publisher":{"@id":"https:\/\/www.webadminblog.com\/#organization"}}]},"og:locale":"en_US","og:site_name":"Web Admin Blog | Real Web Admins.  Real World Experience.","og:type":"article","og:title":"Tiger Team \u2013 AppSec Projects \u2013 OWASP AppSec NYC 2008 | Web Admin Blog","og:description":"This presentation was by Chris Nickerson, founder of Lares Consulting, and the goal was to talk about the use of layered attacks. General types of threats includes social engineering\/human (corporate\/personal manipulation, bogus e-mails, physical intrusion, media dropping, phone calls, conversation, role playing), electronic (application and business logic attacks, software vulnerability exploitation, ...), physical (break-in, theft,","og:url":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/25\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\/","article:published_time":"2008-09-25T13:45:09+00:00","article:modified_time":"2008-09-25T13:45:09+00:00","twitter:card":"summary_large_image","twitter:title":"Tiger Team \u2013 AppSec Projects \u2013 OWASP AppSec NYC 2008 | Web Admin Blog","twitter:description":"This presentation was by Chris Nickerson, founder of Lares Consulting, and the goal was to talk about the use of layered attacks. General types of threats includes social engineering\/human (corporate\/personal manipulation, bogus e-mails, physical intrusion, media dropping, phone calls, conversation, role playing), electronic (application and business logic attacks, software vulnerability exploitation, ...), physical (break-in, theft,"},"aioseo_meta_data":{"post_id":"110","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2025-01-03 22:52:56","updated":"2025-07-17 07:10:23","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.webadminblog.com\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.webadminblog.com\/index.php\/category\/security\/\" title=\"Security\">Security<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.webadminblog.com\/index.php\/category\/security\/web-app-sec\/\" title=\"Web Application Security\">Web Application Security<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tTiger Team \u2013 AppSec Projects \u2013 OWASP AppSec NYC 2008\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/www.webadminblog.com"},{"label":"Security","link":"https:\/\/www.webadminblog.com\/index.php\/category\/security\/"},{"label":"Web Application Security","link":"https:\/\/www.webadminblog.com\/index.php\/category\/security\/web-app-sec\/"},{"label":"Tiger Team &#8211; AppSec Projects &#8211; OWASP AppSec NYC 2008","link":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/25\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\/"}],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pfI0c-1M","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/110","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/comments?post=110"}],"version-history":[{"count":1,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/110\/revisions"}],"predecessor-version":[{"id":111,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/110\/revisions\/111"}],"wp:attachment":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/media?parent=110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/categories?post=110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/tags?post=110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}