Presented at
ShellCon 2020 Virtual,
Oct. 10, 2020, 2 p.m.
(55 minutes)
When you work in information security, not everyone is thankful for the job that you do. Frequently, you'll have to work and communicate with people who really would prefer you'd just go away.
We will enumerate some of the common adversarial scenarios you may find yourself in, such as handling vulnerability disclosure with a hostile vendor, or working for a team that doesn't want a security test, but got one for regulatory reasons. We will also discuss how to identify that you're in an adversarial scenario, and either get yourself out of it by correcting misconceptions about you and your work, or work through it, using strategies developed over a decade of penetration testing and vulnerability disclosure experiences.
Presenters:
-
Daniel Crowley / unicornFurnace
as Daniel Crowley
Daniel Crowley is the head of research and a penetration tester for X-Force Red. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool. Daniel enjoys climbing large rocks and is TIME magazine's 2006 person of the year. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including Black Hat, DEF CON, Shmoocon, and SOURCE. Daniel does his own charcuterie and brews his own beer. Daniel's work has been included in books and college courses. Daniel also holds the noble title of Baron in the micronation of Sealand.
Links:
Similar Presentations: