Strategic Penetration Testing - Changing the way we hack

Presented at Notacon 8 (2011), April 16, 2011, 4 p.m. (60 minutes)

Penetration testing is something that we've all been through and understand. We have a certain level we expect from our penetration tests and testers but as we begin to look at what penetration tests symbolize and give us, they are fundamentally flawed and lacking. The Information Security field in general is relatively new in lifespan and as a maturity model we have to grow. Penetration tests should focus on understanding the business, understanding the organization, and impacting what hurts the organization the most, their bottom line. This talk will focus on strategically attacking an organization and how a penetration test should really be done and what it needs to be used for. We'll of course be showing some exploitation techniques and the latest and greatest sexy hacker moves.

Presenters:

  • David Kennedy / ReL1K as David Kennedy
    David Kennedy (ReL1K) is a security ninja that likes to write code, break things. David had the privilege in speaking at some of the nations largest conferences on a number of occasions including BlackHat, Defcon and Shmoocon. David is the creator of the Social-Engineer Toolkit (SET) and Fast-Track. David is a developer on the Back|Track Linux security distribution and a developer on the exploitdb community and has released a number of Metasploit modules and exploits.

Links: