Managing your pentest data with Kvasir

Presented at ToorCon San Diego 15 (2013), Oct. 20, 2013, 11:30 a.m. (20 minutes).

We've all done it a few times. Lost that nmap scan, can't recall what file had that accout and password combination, sat in front of a screen for a few days while your co-worker gathered tons of data and didn't share because he's a big fat jerk.

Kvasir is a centralized, pentration tester-focused data homoginizing application to help collect, unify and make sense of the important data gathered during tests. It's a small footprint application designed for quick deployment. It integrates directly with NeXpose and Metasploit (for now).

This application is used daily by Cisco Systems engineers on customer penetration tests. It hasn't solved the big fat jerk problem but it has helped us work better as a team.

Presenters:

• grutz
  grutz has been in the penetration testing game for far too long. He recalls the time when Windows actually spit out account names when asked and SADMIND was running by default. While not officially an ‘old man' yet there is more gray and less hair on top of his head. grutz is currently a member of the penetration testing team for Cisco Systems and has worked for Pacifc Gas & Electric and the Federal Reserve System crashing power grids and money processing systems with a mighty nmap scan.

Similar Presentations:

• Black Hat USA 2013 / Big Data for Web Application Security