Penetration Testing from a Hot Tub Time Machine

Presented at DerbyCon 2.0 Reunion (2012), Sept. 29, 2012, 10 a.m. (50 minutes)

Put on your suit and venture back to 1999! Many penetration testers either forgot what we learned in the 90s or may be too young to even remember the game 12+ years ago. Either way, the Kung-Fu that worked so well back then is still prevalent in today’s electronic world. Sure, the tools got better; our systems got faster; and hopefully, your testers evolved along the way. But the basics that served as such a solid foundation and development platform back then still provide reliable pathways to privileged access in nearly every business in today’s world. This talk will not only serve as a nostalgic flashback to those great times but also demonstrate real-world attack techniques that work on practically every engagement that we conduct, show why the basics will still get a corporation owned at multiple levels, and illustrate methods of attack that many may think are a lost art or unnecessary. So, put away those 0-days, detach yourself from automated toolsets, step outside of those hypothetical testing chambers, roll up your sleeves and see what attacks from the trenches really look like.


Presenters:

  • Chris Gates (carnal0wnage)
    Chris joined LARES in 2011 as a Partner & Principal Security Consultant. Chris has extensive experience in network and web application penetration testing as well as other Information Operations experience working as an operator for a DoD Red Team and other Full Scope penetration testing teams (regular pentesting teams too). Chris holds a BS in Computer Science and Geospatial Information Science from the United States Military Academy at West Point and holds his… redacted…no one cares anyway. In the past, he has spoken at the United States Military Academy, BlackHat, DefCon, Toorcon, Brucon, Troopers, SOURCE Boston, OWASP AppSec DC, ChicagoCon, NotaCon, and CSI. He is a regular blogger at carnal0wnage.attackresearch.com and is also a regular contributor to the Metasploit and wXf Projects. http://twitter.com/carnal0wnage
  • Eric Smith (Infosecmafia)
    Senior Partner at Lares Consulting. Eric specializes in penetration testing with over 13 years of experience in the IT/IS industry. Eric is well versed in a variety of Risk Assessment services enabling clients to meet compliance with local laws, government regulations, and corporate initiatives. He has extensive experience in network and application level vulnerability assessments, penetration testing, insider threat assessments, social engineering, Red Team, physical security, wireless audits, architecture review, system hardening, and policy/procedural development.
