Deep Magic 101: The Wizard's First Rule

Presented at Notacon 8 (2011), April 15, 2011, 2 p.m. (240 minutes)

Rob and JP will be providing a 2 part user experience. Part I will be a mix of lecture and hands on to provide a foundational set of skills for Penetration Testing. Participants will be provided with the baseline knowledge to start gathering information and identifying vulnerabilities in target networks. Part II will be a hands on lab experience which participants will have the opportunity to realize specific goals in a vulnerable environment.You will be sent home with a vulnerable Virtual Machine to continue to explore this topic. Participants will be required to sign an agreement stating they won't attack any other part of the conference other than the network they are assigned to attack. You will learn some hands on methods for identifying and performing exploitation in our lab network. The goal of this exercise is to provide a foundational set of networking, knowledge and ideas which you can continue to expand upon in the future. We will be spending about 20 minutes on each part of the below outline. We will then have a "hands on" lab period and be available afterwards to help you realize the goals we set for you during the lecture time.

Presenters:

• Rob Fuller / mubix   as Rob Fuller
  Rob is a Penetration Tester at Rapid7, He has worked for Applied Security as a Network Attack Operator, a Penetration Tester for the Department of Defense, a Senior Incident Response Analyst for the Department of State and multiple Information Security Positions in the United States Marine Corps. During his service in the United States Marine Corps he was a team lead for the Marine Corps' Incident Response Team and a Security Test Engineer for the Marine Corps' R&D; section. He has extensive experience in full-­scope penetration testing, Web application assessments, wireless security, incident response, and related development. Rob's blog is at Room362.com and his twitter handle is mubix
• JP Bourget
  Jean Paul (JP) Bourget: BS IT, RIT 2005; MS Computer Security and Information Assurance, RIT 2008; CISSP; MCSE, CSSA. JP has six years experience in computer networking, system administration, and information security. During the day JP is responsible for Network and Security Management for a medium size global company based in the US. JP is also adjunct faculty at Rochester Institute of Technology where he teaches Networking and Security undergraduate classes. JP also performs pen testing and security audits for local companies in Rochester, NY. In his spare time, JP snowboards, rides motorcycles, mountain bikes and enjoys fixing up older homes. JP also contributes spare time to the Board of Neighborworks Rochester. You can find me on Twitter at http://www.twitter.com/punkrokk and his blog: http://syncurity.net.

Links:

• https://web.archive.org/web/20110518153329/http://www.notacon.org/speakers.php#JPB

Similar Presentations:

• BruCON 0x08 (2016) / Incident Response Workshop Workshop
• BSidesLV 2016 / How to securely build your own IoT enabling embedded systems: from design to execution and assessment
• NorthSec 2017 / Cracking Custom Encryption - An Intuitive Approach to Uncovering Malware's Protected Data