derbycon
DESCRIPTION
DerbyCon. Louisville, KY 9/30 to 10/2/2011. Attendees. Penetration Testers Social Engineers Hackers HD Moore – Metasploit founder Johnny Long – Google Hacking Kevin Mittnick – Social Engineer. Penetration Test. Hired by a company to test its information security - PowerPoint PPT PresentationTRANSCRIPT
DerbyConLouisville, KY9/30 to 10/2/2011
Attendees
•Penetration Testers•Social Engineers•Hackers•HD Moore – Metasploit founder•Johnny Long – Google Hacking•Kevin Mittnick – Social Engineer
Penetration Test
•Hired by a company to test its information security
•Hard to break into a system•Easier with social engineering
Reconnaissance
•LinkedIn•Facebook•Spokeo
Social Engineering
•Smoking area•Comcast shirt, hard hat, clipboard,
measuring stick•Can facilitate an attack•Employees are helpful and trusting•Do employees following policies and
procedures?
Software Engineering Toolkit
•Email attack using SET•http://www.youtube.com/watch?v=hsmi2P
70DQY&feature=related
•Website attack with SET•http://www.youtube.com/watch?v=xgukKj
6q5PY&feature=related
Metasploit
•Open source penetration testing framework
•http://metasploit.com/•Metasploit: The Penetration Testers Guide•http://www.amazon.com/Metasploit-Penet
ration-Testers-David-Kennedy/dp/159327288X
Metasploit
•How to hack using Metasploit•http://
www.youtube.com/watch?v=TfZt70TYujg
Pen Testing Standards
•http://www.pentest-standard.org/index.php/Main_Page