Archive: May 2015

Adaptive Penetration Testing 6: The Teensy Attack

What’s described here is another somewhat hilarious security assessment story, where a company got compromised through keyboards presented to the IT staff. Dave: The next one is Company 2, which is malicious media. This actually happened this month. It was an engagement that I was working on. It’s a...

Adaptive Penetration Testing 5: Physical Part of the Compromise

The InfoSec celebrities narrate the details of another facet of the assessment, where the company’s premises and IT infrastructure were physically trespassed. Dave Kennedy: Kevin, by far, is one of the most meticulous people I’ve met. I mean, for me it’s kind of a hack job, I’m like “Oh, this...

Adaptive Penetration Testing 4: Windows UAC Bypass

Dave Kennedy and Kevin Mitnick discuss a method to circumvent User Account Control on Windows by means of a Java applet and the Social-Engineer Toolkit. Dave: What I’m going to show you here is a demonstration of that actual bypass using the Social-Engineer Toolkit and the Java applet. What I’m going to...

Adaptive Penetration Testing 3: Prep for a Software Vendor Compromise

Moving on from theory to practice, Kevin Mitnick and Dave Kennedy share some experience on extensive preparation for an actual software company breach. Dave: Our first demo is Company 1, which Kevin was doing an assessment on in December 2010. Kevin: It was a company that developed software for the financial...