Advanced Penetration Testing in the Real World

Presented at DeepSec 2018 „I like to mov &6974,%bx“, Unknown date/time (Unknown duration).

Guillaume and Davy, senior pentesters, will share many techniques, tips and tricks with pentesters, red teamers, bug bounty researchers or even defenders during a 2-day 100% "hands-on" workshop. This is the very training you'd like to have instead of wasting your precious time trying and failing while pentesting. The main topics of the training are: - Buffer overflow 101: Find and exploit buffer overflows yourself and bypass OS protections. (A lot of pentesters don't even know how it works. So let's have a look under the hood); - Web exploitation: Manually find and exploit web app vulnerabilities using Burpsuite. (Yes, running WebInspect, AppScan, Acunetix or Netsparker is fine but you can do a lot more by hand); - Network exploitation: Manually exploit network related vulnerabilities using Scapy, ethercap and Responder. (Because it works so often when doing internal pentests); - Passwords: Optimize the way you attack offline and online passwords. (0day is fun, but the way attackers gain access most of the time is simply by using login/passwords); - Mobile app hacking: Find and exploit Android/iOS app vulnerabilities using Needle, Frida, Cycript and Hopper. (Companies move their apps into the cloud and the mobile world so pentesters have to evolve with that… or die);

Presenters:

  • Guillaume Lopes - RandoriSec
    Founder of RandoriSec, a security focused IT firm, Davy Douhine is working in the ITSec field since almost fifteen years. He has mainly worked for financial, banks and defense key accounts doing pentests and trainings to help them to improve their security. Guillaume Lopes is working in the pentest field since about 10 years. He has written many ITSec articles and has attended many security conferences.
  • Davy Douhine - RandoriSec
    Founder of RandoriSec, a security focused IT firm, Davy Douhine is working in the ITSec field since almost fifteen years. He has mainly worked for financial, banks and defense key accounts doing pentests and trainings to help them to improve their security. Guillaume Lopes is working in the pentest field since about 10 years. He has written many ITSec articles and has attended many security conferences.

Links:

Similar Presentations: