DerbyConLouisville, KY9/30 to 10/2/2011

Attendees

•Penetration Testers•Social Engineers•Hackers•HD Moore – Metasploit founder•Johnny Long – Google Hacking•Kevin Mittnick – Social Engineer

Penetration Test

•Hired by a company to test its information security

•Hard to break into a system•Easier with social engineering

Reconnaissance

•LinkedIn•Facebook•Spokeo

Social Engineering

•Smoking area•Comcast shirt, hard hat, clipboard,

measuring stick•Can facilitate an attack•Employees are helpful and trusting•Do employees following policies and

procedures?

Software Engineering Toolkit

•Email attack using SET•http://www.youtube.com/watch?v=hsmi2P

70DQY&feature=related

•Website attack with SET•http://www.youtube.com/watch?v=xgukKj

6q5PY&feature=related

Metasploit

•Open source penetration testing framework

•http://metasploit.com/•Metasploit: The Penetration Testers Guide•http://www.amazon.com/Metasploit-Penet

ration-Testers-David-Kennedy/dp/159327288X

Metasploit

•How to hack using Metasploit•http://

www.youtube.com/watch?v=TfZt70TYujg

Pen Testing Standards

•http://www.pentest-standard.org/index.php/Main_Page