Advanced Penetration Testing In The Real World (closed)

Presented at DeepSec 2017 „Science First!“, Unknown date/time (Unknown duration)

A two-day, 100% "hands-on" workshop. Main topics:

  • Buffer overflow 101: Find and exploit buffer overflows yourself and bypass OS protections (because a lot of pentesters don't even know how it works under the hood).
  • Web exploitation: Manually find and exploit web app vulnerabilities using Burp Suite (yes, running WebInspect, AppScan, Acunetix or Netsparker is fine, but you can do a lot more by hand).
  • Network exploitation: Manually exploit network-related vulnerabilities using Scapy, Ettercap and Responder (because it works so often when doing internal pentests).
  • Passwords: Optimize the way you attack offline and online passwords (0day is fun, but most of the time attackers get in simply by using logins and passwords).
  • iOS/Android app hacking: Find and exploit mobile app vulnerabilities using Needle, Frida, Cycript and Hopper (companies are moving their apps to the cloud and to mobile, so pentesters have to evolve … or die).

Presenters:

  • Davy Douhine - RandoriSec
    Founder of RandoriSec, a security-focused IT firm, Davy Douhine has worked in the ITSec field for almost fifteen years. He has mainly worked for key accounts in finance, banking and defense, performing pentests and delivering training to help them improve their security. Guillaume Lopes has been working in the pentest field for about 10 years. He has written many ITSec articles and has attended many security conferences.
  • Guillaume Lopes - Cisco
