So you got into a network, but now what? You might be swimming in a corporate environment full of thousands of systems and users. If you're in a goal- oriented penetration testing scenario, it's important to quickly and efficiently find the crown jewels. In this presentation we will present post- exploitation strategies and techniques for finding the interesting bits in a big network. We will be releasing several tools and describing practical data collection and analysis techniques for converting a compromise into success criteria.
While working in the information security industry over the past 5 years Patrick Fussell has worked in numerous roles to increase the security of electronically stored data for customers while always improving his skill set. With a background predominantly in penetration testing, security assessment, and auditing he spent much of the last few years working with a wide range of consulting and analysis based engagements. Currently based out of Monterey, CA he regularly performs penetration tests for clients of all sizes, and has a strong desire to contribute to the larger community with his projects.
Josh Stone has been in infosec for over 15 years, working variously in incident response, forensics, architecture, penetration testing, application testing, and more. He's worked in manufacturing, financial, educational, and payment card industries. Josh's research focus is in post-exploitation tools and techniques, trying to find creative ways around the barriers people build around the crown jewels in their networks.