In large corporate networks, the existence of a 0day exploit can wreak havoc. But a few weeks later, once patch management has done its job and the risk is gone, what was the point? What has management learned from the ordeal? What could be improved to prevent the incident from occurring again? Nothing! Is the network now ‘safe’ from attack? Not even close!

In this talk, Rick will show examples of complete penetrations of large corporate networks that were accomplished using no 0day, in fact no “exploits” in the classic sense, at all. Instead, the only things exploited are the mistakes of users and administrators, to elevate privileges all the way to root/Domain Administrator on almost all machines on the network.

But why do a penetration test in this manner? Because it reveals actionable items that can be fixed/mitigated immediately. These fixes will protect the network just as much as patching a 0day. Only, these types of attacks are:

- More likely to occur
- More widespread
- More common
- Not audited by auditing groups
- Easier to perform
- Require less “l33t access” to uber 0day ‘sploits
- Less likely to be reported on by the security community

If you get nothing out of this talk, you can at least laugh at how easy some complete compromises of Fortune 500 networks can be.

I would like for this talk to be a conversation starter about the importance of security research into 0day vulns. This type of research is very important to our industry, but is not helping to secure corporate environments. Is it worth it? Is the fame and fortune misplaced? Does the security community REALLY care if corporate networks are secure or not?