As penetration testers, we often try to impact an organization as efficient and effective as we can to simulate an attack on an organization. What if you could own one system to own them all? That's it, one system. It's all you need, it's in every company, and as soon as you compromise it, the rest fall (no not a domain controller). This presentation will cover a recent penetration test where I came up with a unique avenue to getting over 13,000 shells in just a few minutes by popping one server. I'll be releasing some custom tools to make this simplistic and automate the majority of what was used on this attack. Let's pop a box.
Dave Kennedy will be signing copies of his book, Metasploit: The Penetration Tester's Guide, at 14:00 on Friday at the No Starch Press table in the Vendor area.