Spanking the Monkey (or How Pentesters Can Do It Better!)

DerbyCon V - Unity

Presented by: Antonio Herraiz (antonioherraizs), Justin Whitehead (3uckaro0)
Date: Friday September 25, 2015
Time: 16:00 - 16:50
Location: Track 4
Track: The 3-Way

In today’s mainstream penetration testing and Red Team environments we feel that the teams are relying too much on noisy scanners. In part making for a large group of scanner monkeys. This talk is bringing back old school ways with a new flavor, a new flair to prove that those techniques still work in the majority of engagements that many of us are involved in. The problem with many tools is not only how noisy they can be, but also the amount of logic and decision making that goes on under the hood without any human input. We want to show manual testing of a web application in order to: 1. Make a pentester a valuable asset that won’t be replaced by a tool. 2. Demystify the idea that scanners are necessary for pentesting. 3. Show how you can become a stealthy attacker.

Justin Whitehead

Antonio Herraiz


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats