Your configs are bad and you should feel bad

Presented at Hackfest 2016, Nov. 4, 2016, 11 a.m. (60 minutes)

Let's talk about that linux server on the network that seems to be neglected, you know the one that linux box that is there for some reason that predates you. An offensive person has a multitude of ways at which they can escalate privileges, pivot and gain access to linux systems. Identifying the weaknesses and what changes you can make to help address the misconfigurations as a defensive will also be covered. We will talk about some of the common known misconfigurations and some not as well spoken about configurations. WIll also go over how to spot the weaknesses, how to leverage them and how you can fix or lower the risk of them being used against you.

Presenters:

• Stephen Hall
  Consultant at Security Compass, with more than five years of experience in the infosec domain, during which he has worked on various challenging client engagements in industries such as financial, energy, healthcare, and technology. He specialized himself at pentesting through development of CTF style challenges geared towards helping the beginners in learning the trade of hacking. He wrote phishing methodology and assess multiple client on this particular exercise. He is often found wearing a Santa hat throughout the year.

Links:

• https://hackfest.ca/en/2016/speakers2016/#hall
• https://infocon.org/cons/Hackfest/Hackfest 8 2016/Hackfest 2016 - Stephen Hall presented Your configs are bad and you should feel bad.mp4
• https://www.youtube.com/watch?v=4QXqXcUwbOw

Similar Presentations:

• DerbyCon 3.0 All in the Family (2013) / Some defensive ideas from offensive guys.
• DEF CON 24 (2016) / So You Think You Want To Be a Penetration Tester
• Wild West Hackin' Fest 2018 / Abusing misconfigurations for privilege escalation