SecTor 2010 - Canada's Premier IT
Security Conference. Mastering Trust: Hacking People, Networks, Software,
and Ideas. - Pete Herzog
Why can't we make the right decision all
the time? Our sense of trust is broken. Lies, deceit, fraud, and
insinuations make up a large part of crime for a reason. We are bad at
trust. It's in our biology. It's why we sometimes make the wrong friends,
date the wrong people, buy the wrong car, and do things that in retrospect
were really really dumb. Now consider the fact that trust makes up the
majority of security decisions from who you let in to what you connect to
and you see we have a very big problem. This talk shows you how we are
broken, how to analyze and test trusts, how the ISECOM trust metrics work,
how they are used to replace risk assessments in many organizations, and
how they can help you make better overall decisions.
October 14th, 2010 - North Carolina, USA
Pete Herzog presented
the Smarter Safer Better seminar series, which uses current OSSTMM research to teach how to see through lies, stop
yourself from being used or fooled, and make better decisions by fixing
your "gut instincts". It goes into heavy detail on anti-social-engineering and a
way of applying security awareness that makes
sense to non-security people.
More details of the Smarter Safer Better seminar series are available here:
May 27th, 2010 - Amsterdam, The Netherlands Outpost24/Lab106, Quality: Back to Basics - Pete Herzog, Managing Director
ISECOM: Chairman of the day / event host
May 8th, 2010 - Universidad Camilo José Cela,
VI Jornada IEA - 11:15 - 13:00 "Mastering Trust" workshop with Pete Herzog
Pete Herzog presented the latest ISECOM research
on operational trust and how to use trust metrics to see through lies, fraud,
and deception and make quicker, better decisions.
March 8-12 2010, Troopers'10, Heidelberg,
Pete Herzog presents his keynote covering how to
combine attack surface metrics and trust metrics to eliminate patching,
eliminate risk assessments, and to build more secure infrastructures.
November 27th, Barcelona - Press Release
(Spanish) by dotforce.es. Pete
Herzog captivates attendees at the seminar Las Claves de la Supervivencia
Barcelona, November 27, 2009 - "He's brilliant!" was the most repeated phrase
during the seminar Las Claves de la Supervivencia Digital, organized by Dot
Force on November 18 and 19 in Barcelona and Madrid.
November 18th Barcelona, November 19th Madrid.
Seminar organized by dotforce.es: Las Claves de la Supervivencia Digital
With Pete Herzog taking part as the star
speaker, a great visionary who has broken the mold of security as we
understood it until now, this seminar will cover the most
challenging methodologies in security consulting, what is new in secure document
management, the interoperability of electronic signatures within the national
and European legal framework, and why signing keys need to be protected
November 1st -
The Psychology Today Magazine article, "Everyday
Carlin Flora begins with an example of Pete Herzog doing
basic toy hacking. It's an interesting article that explores how
creative non-artistic people can be. It's
something I always felt is the advantage of people over computers for
October 2009 - "Security Testing by Methodology: the OSSTMM" by Simon
Wepfer & Pete Herzog
September 2009 - CERN, France &
Switzerland. Visit to the Atlas and LHCb and Seminar "Securing
with the OSSTMM" by Pete Herzog and Nicolas Mayencourt (Dreamlab
Technologies AG, Affiliate Partner of ISECOM in Switzerland)
The Open Source Security Testing Methodology Manual is well on its
way to being part of the ISO standard for security and a
world-recognized standard in its own right. However, many of its
concepts are not only new but contradict accepted best practices and
the current security body of knowledge. This seminar will show you how
this came to be, why it's correct, and how the OSSTMM will allow you
to not only find perfect security but also to analyze and measure it.
September 2, 2009 - ISECOM Chooses Indianapolis as US Center for Hacking Research
INDIANAPOLIS, Sept. 2, 2009 (GLOBE NEWSWIRE)
-- The international non-profit security research institute ISECOM has
chosen Indianapolis as their U.S. base for projects and research.
ISECOM is best known for freely providing the OSSTMM, a worldwide
standard methodology for security testing which is used to hack
computer systems, trick people, and get around home security sensors
and alarms to test their effectiveness
July 2009 - Peter Herzog and Marta Barceló were interviewed by Anna
Mas for the Cardedeu
Newspaper "El NAS" (Catalan).
June 16th, 2009 - Amsterdam, The
Netherlands - Black Hats Session Part VII: Hacked! And now? Pete
Herzog was invited by our Dutch partner Outpost24/Lab 106 and
presented "The Moebius Defense".
'I focused the main presentation on Anti-Guerrilla Warfare tactics,
why defense in depth doesn't work, and the new Möbius Defense along
with graphics the NEW attack visualization technology we are now
using. The presentation is now
available here. I did also do a radio/podcast interview with the
company Madison Gurkha who co-runs the event there so as soon as
that's available you can hear me defend it.'
October 8 2008, SecTor, Toronto,
Canada. "The New New Thieves" by Pete Herzog
October 5 to 10, 2008 - Bolivia,
CCBol2008 Congress (XV Congreso Nacional de Ciencias de la
Computación) - Hernán M. Racciatti talked about the OSSTMM and
August 15, 2008 - "Security
Audits: Sicherheitsscheck für ICT" (German), Article for
Computerworld by Christoph Baumgartner
July 22nd 2008 - Hacking
Exposed Linux is available!
As an open, collaborative ISECOM project, this is a completely new
rewrite for hacking and securing Linux. We got together more than 30
sharp Linux and security minds to write and review the book to make a
great book. Plus, it's ISECOM's first book!
April 2 - 5 2007, Hack in The Box
Security Conference - Dubai
Raoul Chiesa - X.25 Networks in the Arab World
The presentation will focus on X.25 security issues, placed in
today's context and problems.
The main intention is to bring personal and professional know-how,
background and X.25 penetration testing experience to the audience,
with real-life case studies. You will discover how an airplane flying over
the Atlantic Ocean uses X.25 packet switching to communicate with the
outside world, as well as why many government institutions around the
world still use the reliable frame-relay X.25 networks. The talk will
zoom in on X.25 in the Arab world, and will also detail the ISECOM OSSTMM
sections related to X.25 professional penetration testing.
February 28, 2007 - FOSDEM
videos available -
I just saw that the FOSDEM videos have been posted (fosdem.org). FOSDEM was a
really great event with a lot of energy! It was a real pleasure to speak there.
My talk went pretty smoothly and highlights the OSSTMM 3 and the metrics pretty
well. You can see it too by downloading it
It's an Ogg/Theora encoded video so you may need VLC to play it (see
http://videolan.org/ to get it) or if you know your video stuff you can go
directly to the codec page at
February 2007 - FOSDEM, interview with Pete Herzog -
posted by Admin
Pete Herzog is an exception among the speakers at FOSDEM 2007.
His main focus is not a software project, but a "methodology" -- and one that
aims to improve and measure IT security.
What do you want to tell the FOSDEM audience in your talk?
I want to show people that network security testing and analysis is complicated
and they shouldn't rely on just their security scanners to tell them the
answers. Security verification and analysis is something they should learn to do
themselves or else they will miss many of the problems which the tools fail to
December 2006, Argentina Hacking In
Schools, Article published by Infobae.com about Kwell implementing the
Hacker Highschool Project in Argentina.
September 18 - 21 2006, HITBSecConf2006,
Kuala Lumpur, Malaysia. Raoul Chiesa,
Director of Communications of ISECOM and Founder and CTO of @Mediaservice.net
Srl speaks at the 'Hack
In The Box' Security Conference in Malaysia. For detailed information please
June 15 - 16 2006, Barcelona - CISO Executive Summit and Roundtable
Pete Herzog, Managing Director of ISECOM, will be joining the panel
Legal & Compliance Challenges for Today's CISO - Obstacles &
at the CISO Summit in Barcelona.
May 16th to 19th 2006 - Orbit-iEX ‘06, in Zurich at
the Solution Park of IX Europe.
Dreamlab / ISECOM will be present at the IX Europe stand at the Orbit-iEX ‘06, in Zurich. For more information visit: http://www.orbit-iex.ch/
November 7th to 11th 2005, Athens
The OSSTMM meets the Hellenic Data Protection Authority (HDPA)
From the left: Ivan Verri (@ Mediaservice.net,
Italy), The Auditor's Team at Hellenic Data
Stavroula Ventouri (@ Mediaservice.net, Greece),
Raoul Chiesa, ISECOM Director of Communications
April 2005, OPSA Students after attending a
Rome held by @ Mediaservice.net S.r.l.:
Fabio Giudici, Manuel Cavalieri, Massimiliano Graziani, Matteo Paolelli,
Marco Demma, Fabrizio Sensibile (OPST & OPSA Trainer)
November 7th to 11th 2005, Athens
The OSSTMM meets the Hellenic Data Protection Authority (HDPA)
@ Mediaservice.net, in collaboration with Datelec Hellas,
successfully completed the educational training titled “OSSTMM Basic
Introduction, Theory and Practice” on behalf of the Department of
Auditors of the Hellenic Data Protection Authority. This constitutes the
first part of a broader educational training titled “Security Testing
Path based on OSSTMM by ISECOM”.
November 7th to 11th 2005, Athens @ Mediaservice.net was at the Hellenic Data
Protection Authority (Athens), teaching the class "Basic
Introduction to the OSSTMM and Proactive Security".
June 30th 2005, Rome, ISACA Chapter Speaker: Raoul Chiesa, ISECOM's Director of Communications
Title: The End of Ethical Hacking
June 26 - 30 2005 in
Washington, DC - DIA Annual Meeting, the
largest pharmaceutical conference in the US.
ISECOM was represented by Kim Truett and Robert E. Lee.
June 21st 2005, Buenos Aires, Argentina Hernán Marcelo Racciatti and Diego San Esteban
represented ISECOM at the "Infosecurity 2005" event in
Buenos Aires. The topic was the OSSTMM and the RAVs.
June 16th - 17th, The 2nd Annual CISO Executive
Summit 2005, Geneva - Switzerland
Nick Mayencourt and Martin Rutishauser of ISECOM Switzerland
talked about the myth of patching as well as the
practicality (or necessity) of VOIP security.
June 3rd 2005, Hotel Sheraton, Buenos Aires, Argentina - Security & Ethical Hacking
- Conference & Exhibition
Hernan Marcelo Racciatti and Diego San Esteban presented
the OSSTMM and ISECOM's certifications.
June 2nd, 2005, 6-9 PM, ESNE - Madrid
"ISM3: easier Information Security Management"
by Vicente Aceituno
May 27th 2005 - Security Management 2005, Buenos Aires,
Argentina Diego San Esteban represented ISECOM.
2005, Milan, Crown Plaza Hotel, LINUX WORLD EXPO (Workshop) Speaker: Fabrizio Sensibile, ISECOM Authorized
Title: An Introduction to the OSSTMM
May 25th - 26th, IS2 2005 (Information Security
Summit), Prague - Czech Republic Pete Herzog presented the following topics: "The End of Ethical Hacking"
How one company had their ethical hacking team apply the OSSTMM to gain product insight instead of just finding vulnerabilities.
-Case Study on Security Procurement: gedas Iberia SSL-VPN test lab
-The Open Source Security Testing Methodology (OSSTMM) 3.0
-How Risk Assessment Values (RAVs) 3.0 Work
-OSSTMM Harmonization with Made-to-Order Methodologies
May 25th 2005, Milan, Crown Plaza Hotel, LINUX WORLD EXPO
(Keynote Speech) Speaker: Raoul Chiesa, ISECOM's Director of
Title: The Hacker High School Project
April 7th, 2005 - Hacker High BBC World Report by
conventional approach to fighting hacking is for authorities to ban it and
punish anything that looks, sounds or smells like it. But forbidden fruits are
often the most tempting, and measures designed to halt the hacker's hand can
often seem to hackers themselves like a sporting challenge. David Reid reports
from the Spanish city of Barcelona, where the battle against hacking has taken a
liberal turn.
March 9-10th, 2005
bSecure Conference, Mexico City, Mexico,
ISECOM Associate Luis Javier Pérez presented the topic "Bluetooth and mobile phones" in the wireless security panel. The
talk was centered on the growth of Bluetooth usage and the risks associated with it, as well as risks posed by mobile phone use.
The event, sponsored by Mexican security magazine bSecure, focused on the strategies needed to ensure a secure environment, highlighting hacking, spyware, spam, phishing, wireless, forensics, computer crime and best practices for information security.
February 2004 - OPST Students after attending a class held by
Sensecurity Institute in Singapore. (Left to Right): Mr Christopher
Low (Chief Instructor, Sensecurity), Mr Gordon Tan (Customer Support
Engineer, Seven Seas), Mr Alex Neo Chee Teong (Asst Manager, CSIT), Mr
Kelvin Goh Kien Ming (PWC), Mr Chiong Yew Heng (Senior Consultant, SAP)
Daniel Fernández (founder of Internet Security
Auditors, and ISECOM Training Partner) represented ISECOM at a certifications
round table at SIMO, the most important computer and telecommunications congress
in Spain. Other participants were José Manuel Ballester (President
of ISACA), Rafael Ausejo (Product Manager
of Sentryware), Javier Pagès
(President of ISSA) and Pablo
Martín (Microsoft Ibérica, S.R.L.).
The benefits of the most recognized independent
security certifications were presented and discussed, such as those with the
highest degree of compatibility, complementarity and recognition.
The speakers made the participants aware of the
need to obtain those certifications as proof of quality for clients who
contract security personnel of any level, as well as an excellent way to
differentiate professionals in the security area.
October 16-23 2004, LAS VEGAS, NV - USA -
September 28-30 2004, Berlin, Germany - Information Security Solutions Europe
Renowned for its rich content from an independent perspective, ISSE (Information
Security Solutions Europe) is the leading European security conference designed
to educate and inform leading ICT security professionals, policy makers, and
industry leaders, on the latest developments in technology, solutions, trends
and best practice on a wide range of security topics.
Nick Mayencourt of Dreamlab Inc and ISECOM Partner presented
the topic "OSSTMM Risk Assessment Values: a practical approach towards
August 12, 2004 - Non-Profit Provides
Hacker Re-Training. As part of their mission to promote security and privacy
awareness, the non-profit ISECOM (www.isecom.org)
is bringing its week-long forum and cross-training event, ISESTORM (www.isestorm.org),
to the University of Nevada, Las Vegas from October 16th to the 23rd
with support from UNLV's Rebelcard Services.
August 13, 2004 - Hacker Highschool
Teachers Wanted. Las Vegas, NV - August 13, 2004 - "The principles of
hacking should be taught in schools," said Pete Herzog. "It is the
principles teens need to learn to avoid from being victims on the
September 26, 2004,
Robert E. Lee, Dyad Security, Deep Network Analysis:
OSSTMM Based Security Testing, An introduction to Unicornscan.
This talk focused on the fundamentals of using
the Open Source Security Testing Methodology Manual (OSSTMM - www.osstmm.org)
while performing security testing engagements as well as
our vision for the future of the security testing industry. It also introduced
a new Open Source (GPL) tool, Unicornscan. Unicornscan was built to be a very
Scalable, Accurate, and Flexible information gathering engine. During the
presentation some of Unicornscan's more exciting features
were shown off. Unicornscan
was released for the first time to the public
shortly after the talk.
September 24th, Linux World Expo Italy.
Raoul Chiesa, Director of Communications for ISECOM,
talked about the OSSTMM and professional security certifications
at Linux World Expo Italy. The topic was "Open Source
methodologies for proactive IT security"
In the afternoon Mirato SpA and Noicom SpA provided
their experiences about using the OSSTMM.
August 30, 2004 -
How secure are you?
By Mathew Schwartz
A tool released today will help organizations move beyond general
best-security practices to discern exactly how many systems are actually
August 18th 2004, Chicago, USA -
FFIEC Federal Financial Institutions Examination Council's
ISECOM's Director of Projects and Resources, Robert E. Lee,
gave a 90 minute talk on the topic of
Vulnerability Testing using the Open Source Security Testing Methodology
The Council is a formal interagency body empowered to prescribe uniform
principles, standards, and report forms for the federal examination of
financial institutions by the Board of Governors of the Federal Reserve
System (FRB), the Federal Deposit Insurance Corporation (FDIC), the
National Credit Union Administration (NCUA), the Office of the
Comptroller of the Currency (OCC), and the Office of Thrift Supervision
(OTS) and to make recommendations to promote uniformity in the
supervision of financial institutions.
August 3, 2004 - TIC
August released for Gold members and
June 16-17 2004, Noga Hilton Hotel, Geneva - CISO Executive Summit
Nicolas Mayencourt and Sylvie Reinhardt (DreamLab Inc.) represented
ISECOM at MIS Training’s annual CISO Executive Summit. The summit will be an intensive
learning and networking experience that will address the unique challenges faced
by today’s CISO. The agenda weaves together real business cases and round table
debates. The event is designed for IT Directors, Chief Security Officers, Heads
of IT Security and senior executives, strategists and their advisors, who want
to improve the security of their organisation’s systems for the benefit of their
employees and customers.
March 24-25-26 2004, Buenos Aires, Argentina -
Hernan Marcelo Racciatti and Diego San Esteban
represented ISECOM at the Latin-American Security Event 'Mas Alla del
Password'. Organized by The CCAT (High-Tech Education Center, Centro
de Capacitacion en Alta Tecnologia) and Convergencia Latina,
Latin America's most anticipated Information Security conference.
Many of the most distinguished enterprises, organizations and security
specialists were speakers at the conference. Subjects ranged from
security management from the enterprise point of view to deeply
technical talks about different methods of exploitation of
March 4th 2004 - TIC November 2003
November Issue of the Invisible Catalog (TIC) publicly released.
23-27 February - ISECOM at the RSA Conference in San Francisco.
17 February, 2004,
"Security Testing and Analysis" lecture Richard Feist of Nyx Technologies (www.nyxtec.net) completed a 3hr
lecture titled "Security Testing and Analysis" to the approx. 30
students of the
Sec course at Royal Holloway, University of London. The lecture was
a cut down form of the OPSA course and gave a good introduction to the
class on the OSSTMM and various aspects involved in setting up and
delivering OSSTMM based security tests.
May 2002 Pete Herzog's Interview on COMRàdio - May 30th 2002
(CATALAN & ENGLISH) La Malla Ràdio -
We talk about computer security with Pete Herzog,
one of the most internationally recognized “ethical hackers” and
coordinator of Ideahamster, on whose site we can find the OSSTMM,
the only public standard for analyzing security risks on the
network. We also interview Jaume Abella, head of the telematics
area and director of the master's in security at La Salle.
October 1st 2003 - First Issue of the Invisible Catalog. This catalog is delivered privately to GOLD TEAM
subscribers of ISECOM and then released to the public after 3 months.
September 2003 - New Partner in Switzerland
Dreamlab will provide OPST and OPSA training in Switzerland.
August 25th 2003 -
OSSTMM 2.1 Press Release
Barcelona, Spain – 25th August 2003 – The Institute for Security and
Open Methodologies (ISECOM) unveils the much anticipated 2.1 release of
the Open Source Security Testing Methodology Manual (OSSTMM).
August 2003 - OPRP Database The Open Protocol Resource is now a searchable
database. Dru Lavigne has done some great work on this already and
we could use a lot more support. The database supports updates and
suggestions so you too can contribute. Access the
ISECOM is an open, collaborative,
non-profit, scientific, security research organization registered in Catalunya, Spain. All research here has been performed without
commercial or partisan influence. Contact
us directly to be a security researcher on the ISECOM team.
While all documents on this site are available under
Copyleft and the
Open Methodology License,
do check the licenses within each tool or document prior to copying,
modifying, or distribution for any individually stated requirements.
Additionally, all research is provided here for information purposes
only and ISECOM is not responsible for any misuse.