Archive: May 2015
Adaptive Penetration Testing 6: The Teensy Attack
Posted by david b. on May 31, 2015
What’s described here is another somewhat hilarious security assessment story, where a company got compromised through keyboards presented to the IT staff.
Dave: The next one is Company 2, which is malicious media. This actually happened this month. It was an engagement that I was working on. It’s a...
Adaptive Penetration Testing 5: Physical Part of the Compromise
Posted by david b. on May 22, 2015
The InfoSec celebrities narrate the details of another facet of the assessment, where the company’s premises and IT infrastructure were physically trespassed.
Dave Kennedy: Kevin, by far, is one of the most meticulous people I’ve met. I mean, for me it’s kind of a hack job, I’m like “Oh, this...
Adaptive Penetration Testing 4: Windows UAC Bypass
Posted by david b. on May 17, 2015
Dave Kennedy and Kevin Mitnick discuss a method to circumvent User Account Control on Windows by means of a Java applet and the Social-Engineer Toolkit.
Dave: What I’m going to show you here is a demonstration of that actual bypass using the Social-Engineer Toolkit and the Java applet. What I’m going to...
Adaptive Penetration Testing 3: Prep for a Software Vendor Compromise
Posted by david b. on May 10, 2015
Moving on from theory to practice, Kevin Mitnick and Dave Kennedy share some experience on extensive preparation for an actual software company breach.
Dave: Our first demo is Company 1, which Kevin was doing assessment on in December 2010.
Kevin: It was a company that developed software for the financial...
Mikko Hypponen
Bruce Schneier
Moxie Marlinspike
Eugene Kaspersky
Brian Krebs
