Hunting high-value targets in corporate networks

Presented at NolaCon 2016, May 22, 2016, noon (Unknown duration)

So you got into a network, but now what? You might be swimming in a corporate environment full of thousands of systems and users. If you're in a goal-oriented penetration testing scenario, it's important to quickly and efficiently find the crown jewels. In this presentation we will present post-exploitation strategies and techniques for finding the interesting bits in a big network. We will be releasing several tools and describing practical data collection and analysis techniques for converting a compromise into success criteria.


Presenters:

  • Patrick Fussell
    <div>While working in the information security industry over the past 5 years Patrick Fussell has worked in numerous roles to increase the security of electronically stored data for customers while always improving his skill set. With a background predominantly in penetration testing, security assessment, and auditing he spent much of the last few years working with a wide range of consulting and analysis based engagements.</div> <div>Currently based out of Monterey, CA he regularly performs penetration tests for clients of all sizes, and has a strong desire to contribute to the larger community with his projects.</div>
  • Josh Stone
    Josh Stone and Patrick Fussell are penetration testers with PSC, working primarily in the PCI compliance space. Between the two of them, there's over 15 years of penetration testing experience, and they get to work with some of the world's largest service providers and merchants.

Links:

Similar Presentations: