Presented at
DEF CON 16 (2008),
Unknown date/time
(Unknown duration)
When penetration testing large environments, testers require the ability to maintain persistent access to systems they have exploited, leverage trusts to access other systems, and increase their foothold into the target. Post exploitation activities are some of the most labor intensive aspects of pen testing. These include password management, persistent host access, privileged escalation, trust relationships, acquiring GUI access, etc. Penetration testers acquire hashes, crack them, keep track of which passwords go with which usernames / systems and finally reuse this information to penetrate further systems.
Presenters:
-
Colin Ames
- Researcher, Offensive Computing, LLC
Colin Ames is a security researcher with Offensive Computing LLC where he consults for both the private and public sectors. He's currently focused on Pen testing, Reverse Engineering, Malware Analysis and Steganographic research. He has spoken previously at RSA and other venues.
-
Valsmith
- CTO, Offensive Computing, LLC
Valsmith has been involved in the computer security community and industry for over ten years. He currently works as a professional security researcher on problems for both the government and private sectors. He specializes in penetration testing (over 40,000 machines assessed), reverse engineering and malware research. Valsmith is a member of the Cult of the Dead Cow NSF. He also works on the Metasploit Project development team as well as other vulnerability development efforts. Most recently Valsmith founded Offensive Computing, a public, open source malware research project.
Links:
Similar Presentations: