Articles

How not to suck at pen testing 5: Hunt teaming

This part is about a really interesting, highly effective take on network penetration testing advocated by John Strand and his colleague Joff Thyer. John Strand: So, let’s talk about trying to find new areas, and that’s kind of where we are going to start tying this up (see right-hand image). We need to...

How not to suck at pen testing 4: Bit9 issues and ISR Evilgrade attacks

John Strand dwells on a few nontrivial vectors applicable for compromising target organization’s IT infrastructure and bypassing technologies like Bit9. Also, there’s data loss prevention. As I said, we’re in the midst of a webcast called “Sacred Cash Cow Tipping”. In information security,...

How not to suck at pen testing 3: Mitigating structural weaknesses

The author of the presentation moves on to express his viewpoint on the correct way of handling structural vulnerabilities found during a security assessment. Another kind of offset one was antivirus. I know that this isn’t leet at all, but a couple of weeks ago we did a webcast called “Sacred Cash Cow...

How not to suck at pen testing 2: Thinking beyond the Reds

Some information security engagements described by John Strand demonstrate that the Criticals in pen test reports are not the only things to look at. A number of years ago Ethan Robish, who was with Black Hills Information Security, was doing a pen test for a customer of ours that had multiple pen tests from...

How not to suck at pen testing – John Strand

John Strand, the owner of Black Hills Information Security, shares his perspective upon what the present-day penetration testing should be like. The name of this presentation is “How not to suck at pen testing”. There’s a lot of presentations that you’ll see where people just rip on the pen...

Adaptive Penetration Testing 8: The Social-Engineer Toolkit Works Wonders

In the closing part of the presentation, Dave Kennedy reviews some cool features of the new version of SET, and Kevin Mitnick demonstrates his famous whistle. Dave: Now I want to go into the Social-Engineer Toolkit 2.1, which is getting released today. I’ll upload it, probably, tonight when I maybe...

Adaptive Penetration Testing 7: Rogue AP and the Blackout Jammer

Kevin Mitnick and Dave Kennedy share two more pentest stories: one involving a rogue certificate and the other one based on exploiting powerline communication. Dave: We have a little bit time left, so Kevin do you want to fly through this one? This is the external and wireless penetration test (see...

Adaptive Penetration Testing 6: The Teensy Attack

What’s described here is another somewhat hilarious security assessment story, where a company got compromised through keyboards presented to the IT staff. Dave: The next one is Company 2, which is malicious media. This actually happened this month. It was an engagement that I was working on. It’s a...

Adaptive Penetration Testing 5: Physical Part of the Compromise

The InfoSec celebrities narrate the details of another facet of the assessment, where the company’s premises and IT infrastructure were physically trespassed. Dave Kennedy: Kevin, by far, is one of the most meticulous people I’ve met. I mean, for me it’s kind of a hack job, I’m like “Oh, this...

Adaptive Penetration Testing 4: Windows UAC Bypass

Dave Kennedy and Kevin Mitnick discuss a method to circumvent User Account Control on Windows by means of a Java applet and the Social-Engineer Toolkit. Dave: What I’m going to show you here is a demonstration of that actual bypass using the Social-Engineer Toolkit and the Java applet. What I’m going to...