How not to suck at pen testing

DerbyCon 4.0 - Family Rootz

Presented by: John Strand
Date: Friday, September 26, 2014
Time: 15:00 - 15:50
Location: Track 2

Godamitsomuch. How did printing a report from a vuln scanner qualify as a “pen test”? Why are your testers ignoring low and informational findings?

In this presentation, John will cover some key components that many penetration tests lack, including why it is important to get caught, why it is important to learn from real attackers and how to gain access to organizations without sending a single exploit, and how to look for other attackers on the network. Additionally, John will show you how to bypass "all-powerful" whitelisting applications that are often touted as an impenetrable defense.
