Hunting high-value targets in corporate networks.

Presented at BSidesLV 2016, Aug. 3, 2016, 10 a.m. (45 minutes).

So you got into a network, but now what? You might be swimming in a corporate environment full of thousands of systems and users. If you're in a goal-oriented penetration testing scenario, it's important to quickly and efficiently find the crown jewels. In this presentation we will present post-exploitation strategies and techniques for finding the interesting bits in a big network. We will be releasing several tools and describing practical data collection and analysis techniques for converting a compromise into success criteria.


Presenters:

  • Josh Stone - Penetration Tester - PSC
    Josh Stone has been in infosec for over 15 years, working variously in incident response, forensics, architecture, penetration testing, application testing, and more. He's worked in manufacturing, financial, educational, and payment card industries. Josh's research focus is in post-exploitation tools and techniques, trying to find creative ways around the barriers people build around the crown jewels in their networks.
  • Patrick Fussell - Penetration Tester - Payment Software Company, Inc.
    In preparation for his transition out of the Marine Corps in 2010 Patrick Fussell had his first exposure to the information security world working with the information assurance department. Over the past six years he has worked in numerous roles to increase the security of IT environments and electronically stored data for customers with a focus on always improving his skill set. With a background predominantly in penetration testing, security assessment, and auditing he has worked on a wide range of consulting and analysis based engagements.

Links:

Similar Presentations: