SlideShare a Scribd company logo

Bsides Leeds - hacker of all master of none.pptx (1)

Andrew Gill
Andrew Gill

This document provides an overview of penetration testing from Andy Gill, a security consultant. It discusses that penetration testing involves both technical hacking skills as well as significant human interaction by fixing issues and helping others. Gill provides some tips for penetration testers, such as researching the application before testing it and always checking both HTTP and HTTPS on random ports. He notes that most penetration testers are constantly learning and adapting to new situations. Effective penetration testers must have diverse skills and interact with various teams. The document encourages testers to focus on communicating technical issues to business audiences and becoming better at interacting with people.

Technology
1 of 14
Download to read offline
Hacker of All Trades Master of None Andy Gill
Obligatory Who Am I… @ZephrFish on all of the Internet. Work as a Security Consultant @PenTestPartners Kicker/Breaker/Hacker/FilmGoer in my Nights Wrote a Book about Learning Things Black Belt in Karate, so not only a Keyboard Warrior
The Plan for Today Understanding pentesting Some Tips & Some Tricks Lessons Learned The different trades a tester may have How to be more Business-ey As a pentester/hacker…
PENETRATION... Testing Take a min, have a giggle, you know you want to!
But really, what is it? Expectation: Popping shells all day long, hacking all the things Reality - A massive human aspect - lots of breaking, fixing and helping
Tricks of the Trade... The Good the Bad & the Down right Ugly… tips! The Do’s ● RTFM ● Don’t Be Afraid to Google Like a MF Ninja ● Actually Use the App before you Abuse it... ● Always try http & https on random ports, you’d be surprised
Tips (Cont) Don’t Do These Things Bad Things can happen...
Lessons Learned… Going ON-SITE 101
Winging it... Most folks are winging it, if they tell you they’re not they’re lying or just old… Not Winging in the Sense “I have no idea what I’m doing” but more that every day is a new learning opportunity. It works 50% of the time 100% of the time
A tester can have many Hats Not the Good Guy/Bad Guy Scenario More the range of trades and teams one tester will liaise with.
Being a better Business Hacker RCE, XSS, CSRF,SSRF, BEAST, POODLE, ROBOT, SSL BUZZ WORD BINGO
Learning to be a People Person
How to Find Me. https://twitter.com/ZephrFish https://blog.zsec.uk https://leanpub.com/ltr101-breaking-into-infosec https://www.pentestpartners.com
Any Question?

Recommended

Pre production task 4
Pre production task 4Pre production task 4
Pre production task 4
JoshuaMeredith2
 
A roadmap for a proficient trader
A roadmap for a proficient traderA roadmap for a proficient trader
A roadmap for a proficient trader
narcissistrader Pit
 
Trading Strategies
Trading StrategiesTrading Strategies
Trading Strategies
InvestingTips
 
Hacking - Breaking Into It
Hacking - Breaking Into ItHacking - Breaking Into It
Hacking - Breaking Into It
CTruncer
 
Indie Series 03: Becoming an Indie
Indie Series 03: Becoming an IndieIndie Series 03: Becoming an Indie
Indie Series 03: Becoming an Indie
Mohammad Shaker
 
How to go from "meh" to "omg"
How to go from "meh" to "omg"How to go from "meh" to "omg"
How to go from "meh" to "omg"
Ghonche Tavoosi
 
8 Outsourcing Tips For Beginners
8 Outsourcing Tips For Beginners8 Outsourcing Tips For Beginners
8 Outsourcing Tips For Beginnerspickupcash
 
Social Empire Growth Hacking And Life Hacking with Mark Middo - Socialempire
Social Empire Growth Hacking And Life Hacking with Mark Middo - SocialempireSocial Empire Growth Hacking And Life Hacking with Mark Middo - Socialempire
Social Empire Growth Hacking And Life Hacking with Mark Middo - Socialempire
Social Empire Group
 

Recommended

Pre production task 4
Pre production task 4Pre production task 4
Pre production task 4
JoshuaMeredith2
 
A roadmap for a proficient trader
A roadmap for a proficient traderA roadmap for a proficient trader
A roadmap for a proficient trader
narcissistrader Pit
 
Trading Strategies
Trading StrategiesTrading Strategies
Trading Strategies
InvestingTips
 
Hacking - Breaking Into It
Hacking - Breaking Into ItHacking - Breaking Into It
Hacking - Breaking Into It
CTruncer
 
Indie Series 03: Becoming an Indie
Indie Series 03: Becoming an IndieIndie Series 03: Becoming an Indie
Indie Series 03: Becoming an Indie
Mohammad Shaker
 
How to go from "meh" to "omg"
How to go from "meh" to "omg"How to go from "meh" to "omg"
How to go from "meh" to "omg"
Ghonche Tavoosi
 
8 Outsourcing Tips For Beginners
8 Outsourcing Tips For Beginners8 Outsourcing Tips For Beginners
8 Outsourcing Tips For Beginnerspickupcash
 
Social Empire Growth Hacking And Life Hacking with Mark Middo - Socialempire
Social Empire Growth Hacking And Life Hacking with Mark Middo - SocialempireSocial Empire Growth Hacking And Life Hacking with Mark Middo - Socialempire
Social Empire Growth Hacking And Life Hacking with Mark Middo - Socialempire
Social Empire Group
 
Psychology and the Perfect Design by @mrjoe
Psychology and the Perfect Design by @mrjoePsychology and the Perfect Design by @mrjoe
Psychology and the Perfect Design by @mrjoe
cxpartners
 
Work Smarter, Sell More
Work Smarter, Sell MoreWork Smarter, Sell More
Work Smarter, Sell More
Sales Hacker
 
Trading tips
Trading tipsTrading tips
Trading tips
Badr sayiar
 
Blend it up - leancamp london presentation
Blend it up - leancamp london presentationBlend it up - leancamp london presentation
Blend it up - leancamp london presentationAntonio Terreno
 
Resources for Lawyers to Help Create Space
Resources for Lawyers to Help Create SpaceResources for Lawyers to Help Create Space
Resources for Lawyers to Help Create Space
Jack Pringle
 
The pragmatic programmer
The pragmatic programmerThe pragmatic programmer
The pragmatic programmer
Nilesh Sharma
 
How to build a Start Up (in ten easy steps)
How to build a Start Up (in ten easy steps)How to build a Start Up (in ten easy steps)
How to build a Start Up (in ten easy steps)
flaregames GmbH
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 

More Related Content

Similar to Bsides Leeds - hacker of all master of none.pptx (1)

Psychology and the Perfect Design by @mrjoe
Psychology and the Perfect Design by @mrjoePsychology and the Perfect Design by @mrjoe
Psychology and the Perfect Design by @mrjoe
cxpartners
 
Work Smarter, Sell More
Work Smarter, Sell MoreWork Smarter, Sell More
Work Smarter, Sell More
Sales Hacker
 
Trading tips
Trading tipsTrading tips
Trading tips
Badr sayiar
 
Blend it up - leancamp london presentation
Blend it up - leancamp london presentationBlend it up - leancamp london presentation
Blend it up - leancamp london presentationAntonio Terreno
 
Resources for Lawyers to Help Create Space
Resources for Lawyers to Help Create SpaceResources for Lawyers to Help Create Space
Resources for Lawyers to Help Create Space
Jack Pringle
 
The pragmatic programmer
The pragmatic programmerThe pragmatic programmer
The pragmatic programmer
Nilesh Sharma
 
How to build a Start Up (in ten easy steps)
How to build a Start Up (in ten easy steps)How to build a Start Up (in ten easy steps)
How to build a Start Up (in ten easy steps)
flaregames GmbH
 

Similar to Bsides Leeds - hacker of all master of none.pptx (1) (7)

Psychology and the Perfect Design by @mrjoe
Psychology and the Perfect Design by @mrjoePsychology and the Perfect Design by @mrjoe
Psychology and the Perfect Design by @mrjoe
 
Work Smarter, Sell More
Work Smarter, Sell MoreWork Smarter, Sell More
Work Smarter, Sell More
 
Trading tips
Trading tipsTrading tips
Trading tips
 
Blend it up - leancamp london presentation
Blend it up - leancamp london presentationBlend it up - leancamp london presentation
Blend it up - leancamp london presentation
 
Resources for Lawyers to Help Create Space
Resources for Lawyers to Help Create SpaceResources for Lawyers to Help Create Space
Resources for Lawyers to Help Create Space
 
The pragmatic programmer
The pragmatic programmerThe pragmatic programmer
The pragmatic programmer
 
How to build a Start Up (in ten easy steps)
How to build a Start Up (in ten easy steps)How to build a Start Up (in ten easy steps)
How to build a Start Up (in ten easy steps)
 

Recently uploaded

Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 

Recently uploaded (20)

Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 

Bsides Leeds - hacker of all master of none.pptx (1)

  • 1. Hacker of All Trades Master of None Andy Gill
  • 2. Obligatory Who Am I… @ZephrFish on all of the Internet. Work as a Security Consultant @PenTestPartners Kicker/Breaker/Hacker/FilmGoer in my Nights Wrote a Book about Learning Things Black Belt in Karate, so not only a Keyboard Warrior
  • 3. The Plan for Today Understanding pentesting Some Tips & Some Tricks Lessons Learned The different trades a tester may have How to be more Business-ey As a pentester/hacker…
  • 4. PENETRATION... Testing Take a min, have a giggle, you know you want to!
  • 5. But really, what is it? Expectation: Popping shells all day long, hacking all the things Reality - A massive human aspect - lots of breaking, fixing and helping
  • 6. Tricks of the Trade... The Good the Bad & the Down right Ugly… tips! The Do’s ● RTFM ● Don’t Be Afraid to Google Like a MF Ninja ● Actually Use the App before you Abuse it... ● Always try http & https on random ports, you’d be surprised
  • 7. Tips (Cont) Don’t Do These Things Bad Things can happen...
  • 9. Winging it... Most folks are winging it, if they tell you they’re not they’re lying or just old… Not Winging in the Sense “I have no idea what I’m doing” but more that every day is a new learning opportunity. It works 50% of the time 100% of the time
  • 10. A tester can have many Hats Not the Good Guy/Bad Guy Scenario More the range of trades and teams one tester will liaise with.
  • 11. Being a better Business Hacker RCE, XSS, CSRF,SSRF, BEAST, POODLE, ROBOT, SSL BUZZ WORD BINGO
  • 12. Learning to be a People Person
  • 13. How to Find Me. https://twitter.com/ZephrFish https://blog.zsec.uk https://leanpub.com/ltr101-breaking-into-infosec https://www.pentestpartners.com