Lares Consulting - Protecting what matters most

Experience:

Sample Social Engineering Engagements:
 
  International Airport:        The Lares engineers were engaged to conduct Social Engineering for a
                                 major international airport, during a blended threat assessment. Engineers were successful
                                 in social engineering their way into secured office areas. Once inside, the engineers crawled
                                 above the ceiling tiles to access the secure server room next door as well as the engineering
                                 level above the main floor of the terminal building. From here engineers were able to
                                 control video surveillance, electricity, ventilation systems, and phone systems in their
                                 entirety. Once this compromise had occurred, engineers proceeded to the Baggage Claim
                                 area where an information computer kiosk was stationed. Engineers picked the lock on the
                                 kiosk, removed the mouse and keyboard from inside, and after breaking out of the
                                 “informational” application, used the computer to download hacking utilities from the
                                 internet and had complete control of the internal network systems within 30 minutes. This
                                 all occurred on a Sunday during the day (one of the busiest travel days for an international
                                 airport). Engineers were only confronted once while hacking from the kiosk, and responded
                                 to the employee that a “security assessment” was being performed. No badges were visible
                                 on either engineer and the employee was convinced after a five minute conversation that
                                 everything was ok and no security was notified. It is important to note that all of this
                                 occurred on the day the threat level was raised to “orange” (September of 2006).

  
  Car Dealership:               Engineers were engaged to test the security of Symbolic Motors, an exotic car
                                  dealership located in La Jolla, California. In this episode, the Tiger Team employs two distinct
                                  social engineering attacks, one rogue wireless access point attack, and a complex physical
                                  attack to gain unabated access sensitive customer information and millions of dollars worth
                                  of cars on the show room floor.
                                   
                                  The episode may be viewed at: http://www.trutv.com/video/?id=870&link=truTVshlk

  
  Custom Jeweler:              Engineers were engaged to test the security of Jason of Beverly Hills, a custom
                                   jeweler located in Beverly Hills, California. In this episode, the Tiger Team employs a social
                                   engineering attack, an RFID cloning attack, a complex physical attack, and a safe-cracking
                                   attack to gain access to millions of dollars worth of precious gems and sensitive customer
                                   information.

                                   The episode may be viewed at:
                                   http://video.google.com/videoplay?docid=5642547759793319840

  
  NOTE: Lares Consulting will not engage or conduct exercises that will endanger Human life or safety,
or is deemed illegal by local, state, or federal laws. Lares Consulting requires a signed letter of
permission to be carried on the engineer’s body at all times during testing efforts.



Publication and Media (Books, Articles, Interviews):

  Publications:
   -   Aggressive Network Self Defense
   -   Contributing writer to COBIT
   -   Contributing writer to ISO17799, and one of less than 1000 certified auditors of the
       ISO17799 (international standards for security best practices).
   -   Author of multiple national / international security awareness training programs

  Streaming Media:
   -    Tiger Team TruTV Episodes: http://www.trutv.com/video/?id=870&link=truTVshlk

  Audio Interview:
    -   Denver KHOW AM:
        http://a1135.g.akamai.net/f/1135/18227/1h/cchannel.download.akamai.com/
        18227/podcast/DENVER-CO/KHOW-AM/1218PETE7A.mp3?CPROG=
        PCAST&MARKET=DENVER-CO&NG_FORMAT=talk&SITE_ID=636&STATION
        _ID=KHOW-AM&PCAST_AUTHOR=Peter_Boyles&PCAST_CAT=Spoken_Word&
       PCAST_TITLE=The_Complete_Pete

  Press Articles:
   -    Forbes:
        http://www.forbes.com/businesswire/feeds/businesswire/2007/12/21/businesswire
        20071221005497r1.html

   -    Chicago Tribune:
        http://www.chicagotribune.com/business/chitue_outlook_tech_0101jan01,0,5751353.story

   -    Wikipedia:
        http://en.wikipedia.org/wiki/Tiger_Team_(TV_series)

   -   Wired:
       http://blog.wired.com/geekdad/2007/12/hackers-on-cour.html

   -   Gizmondo:
       http://feeds.feedburner.com/r/boingboing/iBag/3/206371719/it-securitythemed-se.html

   -   The Peter Boyles Show:
        http://www.khow.com/cc-common/podcast/single_podcast.html?podcast=fullshow_boyles.xml

  Speaking Engagements:
   
  The Lares engineers are engaged to present as keynote speakers on Security topics such as blended
threat, compliance/regulations, and best practices for worldwide audiences. Currently, the team
averages three speaking engagements per month. A sample of the repeatable conferences the team
has participated in include:
  
   -   DefCon (Worldwide Hacking Convention)
   -   ChicagoCon ( Keynote)
   -   BlackHat (Worldwide Technical Security Conference)
   -   Hackerfest (Security Summit for Upstate New York)
   -   Bi-weekly webcasts on security for web sites such as whitehatworld.com
   -   Monthly engagements include organizations such as IDG and Security Focus.