Conquer the Enterprise from Inside with Penetration Testing Dropboxes

Presented at BSidesSF 2019, March 3, 2019, 11 a.m. (30 minutes)

Penetration Testing Dropboxes are dismissed by many clients and infosec pros because they require internal access to the corporate network. The reality is that dropboxes are a very valuable tool because they can lower costs and make testing more efficient. Penetration Testing Dropboxes fit perfectly with the Assume Breach approach: pentesters can launch internal attacks that simulate an attacker with access to the network and uncover gaps in the corporate security posture from the start of the engagement, so both red teams and blue teams win. This talk focuses on the different types of dropboxes, hardware additions, how to set them up, and what attacks can be executed. Demos included.

Presenters:

  • Simon Roses Femerling - VULNEX
    Simon Roses Femerling is currently the CEO of VULNEX, driving security innovation. Formerly he was at Microsoft, PricewaterhouseCoopers, and @Stake. Simon has authored and collaborated on several open source security projects, such as OWASP Pantera and LibExploit. He has also published security advisories for commercial products. Simon was awarded a DARPA Cyber Fast Track (CFT) grant to research application security. He is a frequent speaker at security industry events including BLACKHAT, DEF CON, RSA, HITB, OWASP, SOURCE, DeepSec, and Microsoft Security Technets.
