Upload File

derbycon

9
DerbyCon Louisville, KY 9/30 to 10/2/2011

Upload: christopher-moss

Post on 01-Jan-2016

29 views

Category:

Documents


0 download

Report

DESCRIPTION

DerbyCon. Louisville, KY 9/30 to 10/2/2011. Attendees. Penetration Testers Social Engineers Hackers HD Moore – Metasploit founder Johnny Long – Google Hacking Kevin Mittnick – Social Engineer. Penetration Test. Hired by a company to test its information security - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: DerbyCon

DerbyConLouisville, KY9/30 to 10/2/2011

Page 2: DerbyCon

Attendees

•Penetration Testers•Social Engineers•Hackers•HD Moore – Metasploit founder•Johnny Long – Google Hacking•Kevin Mittnick – Social Engineer

Page 3: DerbyCon

Penetration Test

•Hired by a company to test its information security

•Hard to break into a system•Easier with social engineering

Page 4: DerbyCon

Reconnaissance

•LinkedIn•Facebook•Spokeo

Page 5: DerbyCon

Social Engineering

•Smoking area•Comcast shirt, hard hat, clipboard,

measuring stick•Can facilitate an attack•Employees are helpful and trusting•Do employees following policies and

procedures?

Page 6: DerbyCon

Software Engineering Toolkit

•Email attack using SET•http://www.youtube.com/watch?v=hsmi2P

70DQY&feature=related

•Website attack with SET•http://www.youtube.com/watch?v=xgukKj

6q5PY&feature=related

http://www.youtube.com/watch?v=hsmi2P70DQY&feature=related
http://www.youtube.com/watch?v=hsmi2P70DQY&feature=related
http://www.youtube.com/watch?v=xgukKj6q5PY&feature=related
http://www.youtube.com/watch?v=xgukKj6q5PY&feature=related
Page 7: DerbyCon

Metasploit

•Open source penetration testing framework

•http://metasploit.com/•Metasploit: The Penetration Testers Guide•http://www.amazon.com/Metasploit-Penet

ration-Testers-David-Kennedy/dp/159327288X

http://metasploit.com/
http://www.amazon.com/Metasploit-Penetration-Testers-David-Kennedy/dp/159327288X
http://www.amazon.com/Metasploit-Penetration-Testers-David-Kennedy/dp/159327288X
http://www.amazon.com/Metasploit-Penetration-Testers-David-Kennedy/dp/159327288X
Page 8: DerbyCon

Metasploit

•How to hack using Metasploit•http://

www.youtube.com/watch?v=TfZt70TYujg

http://www.youtube.com/watch?v=TfZt70TYujg
http://www.youtube.com/watch?v=TfZt70TYujg
Page 9: DerbyCon

Pen Testing Standards

•http://www.pentest-standard.org/index.php/Main_Page

http://www.pentest-standard.org/index.php/Main_Page
http://www.pentest-standard.org/index.php/Main_Page

Introduction to Web Application Security...16 Thursday, October 10, 2013 Gillis Jones for Derbycon 2013 •Items to look for: •/admin/ •/userid=1&mode=edit •Areas of a site accessible

DerbyCon Adaptive Pentesting - TrustedSec · Lessons Learned • During the penetration test there were a lot of hurdles around persistence, UAC, and others. Being adaptive to the

Cyber Civil War: Are You - Team InfoSec or Team Audit? · 2016. 11. 10. · #SOHOpelessly Broken HACK ROUTERS AND GET PAID . . DEFCON 23, DerbyCon v4.0, BSIDES DC, ToorCon We launched

Marketers Are Friends, Not Food: DerbyCon 2015

DerbyCon 2013

Android in the healthcare workplace - GrrCON and DerbyCON

DerbyCon 5 - Tactical Diversion-Driven Defense

Derbycon - Passing the Torch

Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Different, Presented by Steve Werby at DerbyCon 4 in 2014

Invoke-Obfuscation DerbyCon 2016

DerbyCon 7.0 Legacy: Regular Expressions (Regex) Overview

Hello ASM World: A Painless and Contextual Introduction to x86 Assembly rogueclown DerbyCon 3.0 September 28, 2013

DERBYCON 2012 PENETRATION TESTING FROM A HOT TUB … · OSINT -- INTERNAL • Just as important as external profiling • Follow a repeatable methodology/develop a habit • Prioritize

Practical PowerShell Programming for Professional People - DerbyCon 4

DerbyCon 2012

No Easy Breach DerbyCon 2016

TLS Fingerprinting - Stealthier Attacking & Smarter Defending - DerbyCon

CMS Hacking Tricks - DerbyCon 4 - 2014

Rapid Assessment of Web Resources (RAWR) - DerbyCon 3.0

DERBYCON 2012 PENETRATION TESTING FROM A HOT TUB TIME MACHINE

The Dirty Little Secrets - Carnal0wnage · The Dirty Little Secrets They Didnt Teach You In Pentesting Class DerbyCon 2011 . ... Pentesting-Class . Chris Gates carnal0wnage Rob Fuller

Getting Schooled DerbyCon 3.0

Derbycon Bromium Labs: Sandboxes

The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014

Patching Windows Executables with the Backdoor Factory | DerbyCon 2013

Stealth servers need Stealth Packets - Derbycon 3.0

It's Okay To Touch Yourself - DerbyCon 2013

JReFrameworker: One Year Later - Ben Holland · I ♥Derbycon •Derbycon3.0: My first con ever! Loved it. •Derbycon4.0: A Bug or Malware?Catastrophic consequences either way. •How

Automated PenTest Toolkit APT2 - Derbycon 2016

DerbyCon 2014 - Making BadUSB Work For You

They tried to think differently - Sooner or later€¦ · What's common in Oracle and Samsung? They tried to think differently... László Tóth, Ferenc Spala 28/09/2013 @ DerbyCon

Ransomware on the Mainframe Checkmate! · –DEF CON, Derbycon, SHARE, RSA 2017, others • Mainframe security consultant • Reverse engineering, networking, forensics, development