Quantcast

Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

Adaptive Penetration Testing 7: Rogue AP and the Blackout Jammer

Kevin Mitnick and Dave Kennedy share two more pentest stories: one involving a rogue certificate and the other one based on exploiting powerline communication. Dave: We have a little bit time left, so Kevin do you want to fly through this one? This is the external and wireless penetration test (see...

Adaptive Penetration Testing 6: The Teensy Attack

What’s described here is another somewhat hilarious security assessment story, where a company got compromised through keyboards presented to the IT staff. Dave: The next one is Company 2, which is malicious media. This actually happened this month. It was an engagement that I was working on. It’s a...

Adaptive Penetration Testing 5: Physical Part of the Compromise

The InfoSec celebrities narrate the details of another facet of the assessment, where the company’s premises and IT infrastructure were physically trespassed. Dave Kennedy: Kevin, by far, is one of the most meticulous people I’ve met. I mean, for me it’s kind of a hack job, I’m like “Oh, this...

Adaptive Penetration Testing 4: Windows UAC Bypass

Dave Kennedy and Kevin Mitnick discuss a method to circumvent User Account Control on Windows by means of a Java applet and the Social-Engineer Toolkit. Dave: What I’m going to show you here is a demonstration of that actual bypass using the Social-Engineer Toolkit and the Java applet. What I’m going to...

Adaptive Penetration Testing 3: Prep for a Software Vendor Compromise

Moving on from theory to practice, Kevin Mitnick and Dave Kennedy share some experience on extensive preparation for an actual software company breach. Dave: Our first demo is Company 1, which Kevin was doing assessment on in December 2010. Kevin: It was a company that developed software for the financial...

Adaptive Penetration Testing 2: Real vs Simulated Breach

Dave Kennedy and Kevin Mitnick focus on nuances of real-world company breaches as opposed to simulated ones and explain why the former are more instructive. Dave Kennedy: We are the only industry that I know of who keep increasing their budget, keep increasing their capital expenditures, and continue to get...

Adaptive Penetration Testing by Kevin Mitnick & Dave Kennedy

Computer security gurus Kevin Mitnick and Dave Kennedy taking the floor at DerbyCon to explain the concept of adaptive pentesting and cover its advantages. Dave Kennedy: Thanks everybody for coming for the talk! Obviously, Kevin Mitnick and myself wanted to get together and get a talk around adaptive...

Masquerade 5: Closing Thoughts

Before winding up with the presentation, Ryan Lackey and Marc Rogers provide some final details on the travel routers and answer DEF CON audience’s questions. Ryan Lackey: So, out of this full range of hardware we needed to come up with initial piece of hardware that we wanted to support as a development...

Masquerade 4: Introducing Secure Travel Routers

The experts finally get to the point of integrating different hardware and firmware components into a single device intended for one’s security when traveling. Marc Rogers: There are Tor pluggable transports (see right-hand image), which is a great tool. There are seven of them that are live right now, I...

Masquerade 3: “The Great Firewall of China”

In addition to describing China’s web traffic restriction approaches, the speakers also touch upon the benefits and disadvantages of VPNs and Tor. Ryan Lackey: Then we’ve got examples of when you travel to places like China. China is a great place to visit, but they have a fairly restrictive...