Adaptive Penetration Testing

DerbyCon 1 - 2011

Presented by: David Kennedy (Rel1k), Kevin Mitnick
Date: Friday September 30, 2011
Time: 12:00 - 12:50
Location: Track 1

Penetration testing is something that has many different meanings depending on the context used by the person. The Penetration Testing Execution Standard (PTES) aims to change that. In this talk we’ll be covering adaptive penetration testing, which essentially is the ability to conform and change based on the environment that you’re attacking. We’ll be covering several live examples used in real-world penetration tests, how we discovered some clever tricks to circumvent security controls, and how we eventually got creative and gained unauthorized access.

David Kennedy

David Kennedy (ReL1K) is a security ninja and penetration tester who likes to write code, break things, and develop exploits. Dave is a Chief Information Security Officer (CISO) for a Fortune 1000 company. Dave is on the Back|Track and Exploit-Database development teams and is a core member of the Social-Engineer podcast and framework. David continues to contribute to a variety of open-source projects. David has had the privilege of speaking at some of the nation’s largest conferences on a number of occasions, including BlackHat, Defcon and Shmoocon. David is the creator of the Social-Engineer Toolkit (SET), Fast-Track, and modules/attacks for Metasploit, and has released a number of public exploits. David heavily co-authored the Metasploit Unleashed course available online and has a number of security-related white papers in the field of exploitation. David has a book soon to be released in June from No Starch Press, “Metasploit: A Penetration Tester’s Guide”. David is one of the founders of DerbyCon, a hacker con located in Louisville, Kentucky. Lastly, David worked for three-letter agencies during his U.S. Marine Corps career in the intelligence field, specializing in red teaming and computer forensics.

Kevin Mitnick

With more than twenty-five years of experience in exploring computer security, Kevin Mitnick is a largely self-taught expert in exposing the vulnerabilities of complex operating systems and telecommunications devices. His hobby as an adolescent consisted of studying methods, tactics, and strategies used to circumvent computer security, and learning more about how computer systems and telecommunication systems work. In building this body of knowledge, Kevin gained unauthorized access to computer systems at some of the largest corporations on the planet and penetrated some of the most resilient computer systems ever developed. He has used both technical and non-technical means to obtain the source code to various operating systems and telecommunications devices to study their vulnerabilities and their inner workings. As the world’s most famous (former) hacker, Kevin has been the subject of countless news and magazine articles published throughout the world. He has made guest appearances on numerous television and radio programs, offering expert commentary on issues related to information security. In addition to appearing on local network news programs, he has made appearances on 60 Minutes, The Learning Channel, Tech TV’s Screen Savers, Court TV, Good Morning America, CNN’s Burden of Proof, Street Sweep, Talkback Live, and National Public Radio, and as a guest star on ABC’s spy drama “Alias”. Mitnick has served as a keynote speaker at numerous industry events, hosted a weekly talk radio show on KFI AM 640 in Los Angeles, testified before the United States Senate, written for Harvard Business Review and spoken for Harvard Law School. His first best-selling book, The Art of Deception, was published in October 2002 by Wiley and Sons Publishers. His second title, The Art of Intrusion, was released in February 2005. Mr. Mitnick’s autobiography is due for release in late summer 2011.

