This is the slide deck I gave when presenting at FSU's AITP Meeting. The goal was to give a high level description of what Pen Testing/Red Teaming is and what the job entails.
This talk goes over the host identification process we follow, the development of EyeWitness 1.0, the problems which led to 2.0, and future work on EyeWitness.
What Goes In Must Come Out: Egress-Assess and Data Exfiltration (CTruncer)
This presentation documents how Egress-Assess can be used on assessments to simulate exfiltrating data over a variety of protocols.
Additionally, this presentation documents the addition of malware modules into Egress-Assess. The new malware modules allow users to emulate different pieces of malware families by using documented malware indicators.
Bringing Down the House - How One Python Script Ruled Over AntiVirus (CTruncer)
This talk is about how a single python tool (Veil aka Veil-Evasion) is able to render AntiVirus useless. Veil's goal is to bypass antivirus products on workstations and servers.
Ever Present Persistence - Established Footholds Seen in the Wild (CTruncer)
This talk is about different attacker persistence techniques that we have seen in the wild, or published by other companies. We wanted to create a massive document containing all of these techniques with a mile wide, inch deep approach. Our goal is to give a description of how each technique works and a way to detect them to allow anyone to start looking for these specific techniques.
This talk describes the current state of the Veil-Framework and the different tools included in it, such as Veil-Evasion, Veil-Catapult, Veil-Powerview, Veil-Pillage and Veil-Ordnance.
This talk goes over the art of antivirus evasion, or really the lack thereof. I talk about a new module that's getting added into Veil-Evasion, a signature that was developed for Veil, and creating your own processes for approaching unknowns.
The Supporting Role of Antivirus Evasion while Persisting (CTruncer)
This talk goes over different techniques to evade detection by antivirus programs, talks about how Veil-Evasion evades the programs, and shows an AV signature bypass. It also then documents a large number of techniques on how actors can persist in networks.
A Battle Against the Industry - Beating Antivirus for Meterpreter and More (CTruncer)
This talk goes over how stagers work in a different manner. Rather than standard function calls, I show how to utilize the same functionality in a slightly different way. It talks about Veil-Evasion, and a signature that was developed for it. Finally, I get into custom code and showcase three pieces of custom code that completely bypass antivirus.
CheckPlease is the go-to repository for the newest targeted payload and sandbox-detection modules. This repository is for defenders to harden their sandboxes and AV tools, malware researchers to discover new techniques, and red teamers to get serious about their payloads.
Presented at Steelcon 2017
This is the talk given at NullCon 2017. This talk gives a history of the Veil Framework, and showcases the differences between 2.0 and the newly released 3.0. Veil 3.0 is released in this talk.
Egress-Assess and Owning Data Exfiltration (CTruncer)
This talk discusses how Egress-Assess can be used to help attackers and defenders learn how to exfiltrate data outside of their network over a variety of protocols, describes how data is exfiltrated over different supported protocols, and demonstrates the weaponization of the tool!
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000 (CTruncer)
This talk will initially cover Device Guard, and how it works. After discussing high level methods of attacking Device Guard, we will go into detail on WMImplant, a tool which can be used to operate on Device Guard protected systems.
Veil-Ordnance is a new tool recently added into the Veil-Framework. It's designed to quickly generate shellcode for exploits or use inside backdoor executables.
This talk is about developing malware in higher level languages. Languages such as Python or C# can give you the flexibility to quickly develop malware and use it on client engagements.
This talk is about why I believe having the ability to write tools and/or scripts can help elevate a Pen Testers game to the next level.
The talk is case study driven by the different scenarios I've encountered on assessments and the scripts or tools that have been developed as a result.
This is the slide deck that I used when presenting at FSU's Cyber Security Club. This presentation was supposed to give a description of what Red Teaming, Pen Testing, and other roles do.
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,... (Mario Heiderich)
ECMAScript 6, in short ES6, has been boiling in a copper pot for many years by now and step-by-step, browser vendors come forward to taste the first sips of this mystery soup. So, ES6 is no longer a theoretic language but already crawled across the doorstep and now lurks under your bed, ready for the nasty, waiting for the right moment to bite.
Now, what is this whole ES6 thing? How did it develop and who made it? And why is it now implemented in your favorite browser? And what does it mean for web-security and beyond?
This talk will answer these questions and showcase the new language from an attacker's perspective. You will see the new code constructs possible to be executed with ES6, new attack vectors and learn what you can do to tame that beast. Kafkaesque terminology such as expression interpolation, proper tail calls, computed properties, spread parameters, modules and tagged template strings will no longer be surprising you after attending this talk.
This presentation was given to a group of SFS students at GW. It's designed to be semi-case study driven on the problems I've encountered on assessments and how programming can help solve them.
Recent workshop on security code review given at SecTalks Melbourne. The slides contain a link to the vulnerable PHP application to perform the review.
These slides were used by our security researcher Sven Morgenroth for a presentation and demo on Same-origin Policy (SOP). Watch the live demo at the following URL: https://www.netsparker.com/blog/web-security/enterprise-security-weekly-550-sven-morgenroth/
Dev and Blind - Attacking the weakest Link in IT Security (Mario Heiderich)
The developer is an easy and valuable target for malicious minds. The reasons for that are numerous and hard to come by. This talk delivers examples, proof, discussion and awkward moments in a pretty special way.
Everybody hates developers – especially web developers. And why not? The cracks and crevices of their APIs and implementations are the reason that vulnerabilities in web applications are still a widespread issue – and will continue to be in the foreseeable future.
Bashing and blaming them for their wrongdoings is fun – boy, they are stupid in their mistakes! But has anyone ever dared to have an open on stage battle with an actual developer?
And who of the developers dares to face their collective nemesis – the attacker? Can there be life where matter and anti-matter collide? We will know about this soon – because this is what this talk is going to be about. Developer versus attacker – vulnerability versus defense. Be prepared for swearing, violence and people leaving the stage prematurely in tears.
EyeWitness - A Web Application Triage Tool (CTruncer)
EyeWitness is a web application triage tool. It's designed to take a file from the user containing web pages, gather server header information, take a screenshot of the web page, and then organize all the information in a report. Additionally, EyeWitness will warn you about invalid SSL certificates, and attempt to identify any default credentials that may apply to the website.
Null Mumbai 14th May: Lesser Known Webapp Attacks by Ninad Sarang (nullowaspmumbai)
Agenda
We will cover lesser known web application attacks: their basics, how they are carried out, and their mitigations.
Cross site scripting –
* Mutation XSS
* RPO XSS
* Zombie XSS
Remote Command Execution
CR-LF Attack
Homograph Attack
Null 11 June: Malware CNC: Advanced Evasion Techniques by Avkash K and Dhawal Shah (nullowaspmumbai)
Malware Command and Control: Evasion Tactics and Techniques
Malware is designed to perform malicious actions without catching the user's attention. Malware authors keep developing new ideas to stay undetected by security technologies. In order to remain undetected, the communication channels between attacker and malware need to be stealthy and evolving. Establishing command and control with the attacker, so that the malware can receive commands on demand, is an essential phase of the Cyber Kill Chain.
As a result, we are observing continuous advancements in the communication channels used for malware command and control.
In this session, we will try to cover some of the advanced techniques used by malware nowadays to communicate with its command and control.
Burp Suite is a Java based software platform of tools for performing security testing of web applications. The suite of products can be used to combine automated and manual testing techniques and consists of a number of different tools, such as a proxy server, a web spider, scanner, intruder, repeater, sequencer, decoder, collaborator and extender.
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing them.
Webinar: Ransomware - Five Reasons You’re Not As Protected As You Think (Storage Switzerland)
Ransomware is the number one threat to an organization's data. These malware programs infiltrate an organization and encrypt every file they can access. The only way to decrypt the data is to pay a fee to the malware creator, hence the name ransomware. Studies indicate that malware infected as many as 70 percent of businesses just this year!
The problem is most of the recommended ransomware protection strategies are not able to protect an organization from this type of attack. In this on demand webinar listen as experts from Storage Switzerland and Nexsan discuss the five reasons you are not as protected from a ransomware attack as you think you are. More importantly learn how to create rock solid protection from any kind of ransomware attack.
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017 (Chris Gates)
The evolution chain in security testing is fundamentally broken due to a lack of understanding, reduction of scope, and a reliance on vulnerability “whack a mole.” To help break the barriers of the common security program we are going to have to divorce ourselves from the metrics of vulnerability statistics and Pavlovian risk color charts and really get to work on how our security programs perform during a REAL event. To do so, we must create an entirely new set of metrics, tests, procedures, implementations and repeatable process. It is extremely rare that a vulnerability causes a direct risk to an environment, it is usually what the attacker DOES with the access gained that matters. In this talk, we will discuss the way that Internal and external teams have been created to simulate a REAL WORLD attack and work hand in hand with the Defensive teams to measure the environments resistance to the attacks. We will demonstrate attacks, capabilities, TTP’s tracking, trending, positive metrics, hunt integration and most of all we will lay out a road map to STOP this nonsense of Red vs BLUE and realize that we are all on the same team. Sparring and training every day to be ready for the fight when it comes to us. This is an update to our 2016 Brucon talk. We plan to discuss what have we accomplished regarding the above in the last year. We plan to show how we have progressed with the automation of attacker activities and event generation using MITRE’s Cyber Analytics Repository & CAR Exploration Tool (CARET) along with pumping these results to Unfetter (https://iadgov.github.io/unfetter/) for aggregation and display in a useful format.
Ace the Tech Interviews - www.hiredintech.com (Anton Dimitrov)
Are you scared of programming interviews at top tech companies like Google, Microsoft, Amazon and Facebook?
If you feel nervous or don't know how to solve hard problems, our team has answers for you.
We worked at several top tech companies like Google, Microsoft and Nvidia. Learn more about us and our services at www.hiredintech.com
This is a presentation we gave to students from Berkeley University, Santa Barbara University, University of Edinburgh, EPFL - Switzerland and others. It covers things from building a perfect resume, through getting more interview invites, to answering technical and non-technical questions at the interviews at top software companies.
Let us know what you think or if you have any questions.
Black Ops Testing Workshop from Agile Testing Days 2014 (Alan Richardson)
At Agile Testing Days 2014, Steve Green, Tony Bruce and Alan Richardson hosted a double track Black Ops Testing workshop, where Redmine was the target application.
Find out more about the Black Ops Testing Team: http://blackopstesting.com/page/about.html
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou... (Santhosh Tuppad)
As technology evolved, software security faced huge challenges, and as the years passed the world has seen drastic changes far too quickly. Along with these advancements, black-hat or malicious hackers have evolved just as well. Today, the internet is the place for everyone, where hackers dwell almost all the time. Every day new applications are released to the web, and users start using them and even get addicted to them due to outstanding UX. But, wait! Did someone think about the "security" layer of these applications? Well, we often don’t, and most of the applications today suffer from "beggarly / bad security".
In this talk, Santhosh Tuppad will focus on the pitfalls of bad security and why software security has failed in a pretty way. He will also shed light on how your users may be facing bigger problems than you can imagine due to bad software that lacks security testing. He will also demonstrate some of the lethal problems that exist in the industry and will talk about technical impact, business impacts like reputation damage, revenue loss and a lot more.
Not only that, Santhosh won’t end his talk without some hacking demonstrations that will for sure wow you. Finally, he will tell you how you can start security testing from day 1 and start contributing in terms of building secure software.
From this talk, you will gain an understanding of the problems that a lack of security testing presents, and you will find out about tool-assisted security testing: performing security tests through questioning. After the talk, you will be able to start identifying risks and reporting common vulnerabilities, giving you a feeling of “I can do this”.
Embracing Culture, Sharing, and Systems from Employee 1.
Reference Article: https://rickmanelius.com/article/employee-1-and-beyond-system-set-checklist
Presented at the Boulder DevOps Presentation Meetup on 11/2019
Digital forensics and giving evidence by Jonathan Haddock (Alex Cachia)
Digital forensics is being used more and more as computers become increasingly prevalent in our lives. In this talk, Jonathan will walk us through a basic forensic process and discuss some of the complications. Jonathan will highlight some key forensics principles that you can follow without specialist software, allowing you to implement them as part of your own incident response process.
Hit by a Cyberattack: lessons learned. When you get hacked, how did it happen and what do you do? Rough side notes of a presentation for IFE, 8 December 2015.
Book: Software Architecture and Decision-Making (Srinath Perera)
Uncertainty is the leading cause of mistakes made by practicing software architects. The primary goal of architecture is to handle uncertainty arising from use cases as well as architectural techniques. The book discusses how to make architectural decisions and manage uncertainty. From the book, you will learn common problems while designing a system, a default solution for each, more complex alternatives, and 5Q & 7P (Five Questions and Seven Principles) that help you choose.
Book, https://amzn.to/3v1MfZX
Blog: http://tinyurl.com/swdmblog
Six min video - https://youtu.be/jtnuHvPWlYU
Tired of doing upfront test script creation in your testing efforts? Feeling bad for demotivating your testers? Want something to replace this sickening approach to software testing? This presentation outlines why test scripts are not useful, and how test ideas are the new way forward to better testing. Coverage, traceability, reporting, automation and skills are all covered. Take a quick look and see if you can see there is another way to do software testing that is actually pure common sense.
Obstacles of Digital Transformation Evolution (Equal Experts)
The talk will focus on some things that any consultant or leader should consider when entering into an organisation that has a stated desire to transform into the most Digital organisation possible.
Speaker: Ryan Bryers, Digital Transformation and Leadership, Equal Experts
HOW TO SCALE YOUR ONCALL OPERATION, AND SURVIVE TO TELL, ANTON DRUKH (DevOpsDays Tel Aviv)
“Being oncall sucks. But it doesn’t have to!” We have all heard this one before. Why is it, though, that oncall still remains the biggest scar for many? What can a modern Engineering org do to rein in the oncall dragons, and actually help people grow as professionals as they go oncall?
In this talk, I will present the main reasons why oncall is difficult in modern orgs, and describe ways to mitigate these hardships. The idea is that oncall is often the ‘backroom’ of an org, where all the technical and organizational debt take their toll. Be it unwieldy systems or broken processes between teams, oncall checks all the ‘weak boxes’. Therefore, the only way to win at oncall is to sort out your debts, starting with the organizational ones.
I will dive into the details of the oncall rotation at Snyk as the org scaled from 1 to 220 people, what worked well about it, and what was less than perfect. I will discuss the decisions made to turn oncall into a building block of the org, and show a path to rein in oncall in your organization as well.
Slides from the talk "Pusheando en master, que es gerundio": https://www.meetup.com/es-ES/CSTechHub/events/271540517/
Video: https://www.youtube.com/watch?v=UvtaujgCNsI
Description:
In this session I would like to share my experience working with Trunk-Based Development (TBD) over the last few years, after having spent many others with various branching strategies.
Starting by trying to understand “why we do what we do”, what we are really looking for with each practice and principle, the idea is to see during the session what advantages working with TBD offers, its drawbacks, when I think it makes sense to do it… and when it doesn't.
After a first, more “one-directional” part of the talk, there will be a second part that is fully group-based and participatory, where everyone can share their experiences, doubts, concerns, etc., so that we can reflect and learn together :-)
These are the slides of the third talk of the first Tech Talk@TransferWise Singapore, which happened on the 23rd of November 2017.
These slides share advice on how to prepare for a software engineering interview.
A talk about how to conduct usability research without a massive budget or it being a huge undertaking. Case Studies about past experiences in guerrilla UX as well as the "patent-pending" $1000 UX Lab.
Talk originally prepared for ProductTank Madison 2018-03-14.
See https://tinyurl.com/guerrilla-ux for slides, transitions, etc.
1. Wireless Communication System_Wireless communication is a broad term that i... (JeyaPerumal1)
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
ER(Entity Relationship) Diagram for online shopping - TAEHimani415946
https://bit.ly/3KACoyV
The ER diagram for the project is the foundation for the building of the database of the project. The properties, datatypes, and attributes are defined by the ER diagram.
Multi-cluster Kubernetes Networking - Patterns, Projects and Guidelines (Sanjeev Rampal)
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
2. What’s this talk about?
● Who I am
● How I got started in the industry
● What is “red teaming” and/or “pen testing”
● What does a pen test look like?
○ Demos, lots of them
● How can you start learning this?
● Questions
3. uid=0(@ChrisTruncer)
● Christopher Truncer (@ChrisTruncer)
○ Hacker
○ Open Source Software Developer
■ Veil Framework Developer
○ Florida State Seminole
○ Random certs… blah
● Red Teamer and Pen Tester for Mandiant
4. How I Started
● College
○ College computer security class
○ Hack my roommate
■ “Wow, hacking is real”
○ Took a security class
○ Decided this is what I wanted to do
■ …. is this even a job?
5. How I Started
● Start off in a technical role
○ Wanted to get a technical foundation before
moving into security
● First job, not what I wanted
● Became a Sys Admin at Northrop Grumman
○ Stayed for about 2 years
● Began my plunge into security, and haven’t
looked back
9. Different Job Descriptions
● Vulnerability Assessment/Assessor
○ Scan a network for vulnerabilities with a
tool
● Penetration Tester
○ Take that output, exploit findings, hack into
systems
● Red Team
○ Adversary emulation, objective oriented,
don’t get caught
17. Phishing Our Way In
● Lots of different ways to get in, but phishing is
easiest
○ IT Department rolling out iPads for use
○ User selected for development environment
○ Meeting minutes from managers discussing
layoffs…
■ … then telling everyone not to read it
● We can forge it to come from anyone
22. What’s really used?
● We do use exploits, but less and less each year
○ What happens if the exploit doesn’t work?
○ What happens if it does?
● Misconfigurations are the way to go
○ Why hack something when we can just log in?
○ Path of least resistance
23. What’s the goal?
● Well, let’s first own the domain
○ Get the domain administrator account
● Demonstrate business impact
○ IT Admins understand domain admin, but does
a manager, or a CEO?
○ Target something the business cares about
■ The Coke recipe, database with SSNs?
● Report/Outbrief with fixes
24. What’s the goal (Red Team)?
● All of the above
● Add value by working with their blue team
○ Teach them what you did
○ Help them try to detect it
○ Let them push you to up your game
● Soft skills really help here
○ Be able to talk to people and explain your work
to tech and non-tech (muggle) audiences
26. How’s a test work?
● First we get our “get out of jail free” card signed
○ Only thing that keeps it legal, and us not in jail
● We’ll likely get some sort of a scope
○ IP address range
○ Domain Names
● On our marks, get set, go!
27. Finding Live Systems
● So, we may have thousands of IP addresses…
○ Let’s find the real computers
● Once we have a list of live computers what’s
running on them?
○ Web server?
○ E-mail?
○ Database server?
● NMap to the rescue
28. Port Scanning with NMap
● NMap finds open ports and the services running on them
● It will scan for the top 1000, or whatever you
specify
● It can guess:
○ Service running
○ Operating System
● It can run scripts too!
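The slides above describe the output of this step, a list of live hosts and the services on each, without showing what you do with it. The following is an added example, not part of Chris Truncer's deck, of the small script a tester (or a defender inventorying their own network) would write to turn Nmap's XML output (`nmap -oX`) into that list and answer the "web server? e-mail? database server?" question from the previous slide. The XML is a constructed sample in the shape Nmap emits, using addresses from the RFC 5737 documentation range; the category table is an assumption chosen for this example.

```python
"""Parse Nmap XML (-oX) into live hosts and their open services, then bucket
the services into the categories the slides ask about.  Standard library only."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample of what `nmap -sV -O -oX scan.xml 192.0.2.0/29` might
# emit for a small lab range (documentation addresses, not a real network).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.0.2.0/29">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="web01.lab.example" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.2p1"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.41"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https" product="Apache httpd" version="2.4.41"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql" product="MySQL" version="8.0.22"/></port>
    </ports>
    <os><osmatch name="Linux 4.15 - 5.6" accuracy="95"/></os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="25"><state state="open"/><service name="smtp" product="Postfix smtpd"/></port>
    </ports>
  </host>
</nmaprun>
"""


@dataclass
class Service:
    port: int
    proto: str
    name: str          # Nmap's service-name guess, e.g. "http"
    product: str = ""  # from -sV banner probing; may be empty
    version: str = ""


@dataclass
class LiveHost:
    addr: str
    hostname: str = ""
    os_guess: str = ""  # first <osmatch> is Nmap's best guess
    services: List[Service] = field(default_factory=list)


def parse_nmap_xml(xml_text: str) -> List[LiveHost]:
    """Return only hosts Nmap reported as up, each with its *open* ports."""
    root = ET.fromstring(xml_text)
    hosts: List[LiveHost] = []
    for h in root.iter("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue  # dead addresses are dropped: "let's find the real computers"
        addr = next((a.get("addr") for a in h.findall("address")
                     if a.get("addrtype") == "ipv4"), None)
        if addr is None:
            continue
        host = LiveHost(addr=addr)
        hn = h.find("hostnames/hostname")
        if hn is not None:
            host.hostname = hn.get("name", "")
        osm = h.find("os/osmatch")
        if osm is not None:
            host.os_guess = osm.get("name", "")
        for p in h.findall("ports/port"):
            st = p.find("state")
            if st is None or st.get("state") != "open":
                continue  # closed/filtered ports are noise for triage
            svc = p.find("service")
            host.services.append(Service(
                port=int(p.get("portid")),
                proto=p.get("protocol", "tcp"),
                name=svc.get("name", "unknown") if svc is not None else "unknown",
                product=svc.get("product", "") if svc is not None else "",
                version=svc.get("version", "") if svc is not None else "",
            ))
        hosts.append(host)
    return hosts


# Assumed mapping from Nmap service names to the buckets the slide asks about.
CATEGORIES = {
    "web": {"http", "https", "http-proxy", "http-alt"},
    "mail": {"smtp", "smtps", "submission", "imap", "imaps", "pop3", "pop3s"},
    "database": {"mysql", "ms-sql-s", "postgresql", "oracle", "mongodb", "redis"},
}


def triage(hosts: List[LiveHost]) -> Dict[str, List[str]]:
    """Group every open service as 'addr:port' under web / mail / database / other."""
    buckets: Dict[str, List[str]] = {c: [] for c in CATEGORIES}
    buckets["other"] = []
    for host in hosts:
        for s in host.services:
            cat = next((c for c, names in CATEGORIES.items() if s.name in names), "other")
            buckets[cat].append(f"{host.addr}:{s.port}")
    return buckets


if __name__ == "__main__":
    live = parse_nmap_xml(SAMPLE_XML)
    for host in live:
        print(f"{host.addr} {host.hostname or '-'} [{host.os_guess or 'OS unknown'}]")
        for s in host.services:
            print(f"  {s.port}/{s.proto} {s.name} {s.product} {s.version}".rstrip())
    for category, entries in triage(live).items():
        print(f"{category}: {', '.join(entries) or '-'}")
```

Closed and filtered ports are dropped on purpose: for the next slide's question ("research vulnerabilities for those versions") only the open services and their `product`/`version` strings matter, and keeping the rest just buries them. Run it against a real `-oX` file by replacing `SAMPLE_XML` with the file's contents.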
31. Sweet, what’s next?
● Now we know open ports and the services running
○ Research vulnerabilities for those versions
○ Or run a vulnerability scanner
● MS08-067
○ Basically everyone’s first exploit
○ Get Windows XP stock, and test against it
● We have an exploit for the system, use it!
35. What about Websites?
● We test these too!
● Probably at least half of what we’re testing
○ Everyone has a website
○ Internal to a network, can be hundreds, or
thousands
● Let’s get breaking into them!
38. What I wish I knew
● Programming
○ Use it all the time for scripts, tools, Veil, etc.
● Mentor
○ You’re always one step ahead of and one step
behind someone
● Build a lab and play with it
○ You can’t break anything that costs money!
39. What I wish I knew
● Be prepared to be uncomfortable at times
○ Always in a new environment with new “stuff”
and you’re expected to break it
○ Perk of the job too :)
● Build your process
○ Learn how you best approach networks, web
apps, etc.
○ Use this to face what you don’t know
40. How to Learn
● Go to security conferences!
○ Might be anywhere from $10 - $300
○ BSides Conferences are local and almost always
free, or super cheap
● Build your own lab
○ VMware is your best friend
○ VulnHub
● Try free CTFs
● Twitter!