Quantcast

Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

Adaptive Penetration Testing 8: The Social-Engineer Toolkit Works Wonders

In the closing part of the presentation, Dave Kennedy reviews some cool features of the new version of SET, and Kevin Mitnick demonstrates his famous whistle. Dave: Now I want to go into the Social-Engineer Toolkit 2.1, which is getting released today. I’ll upload it, probably, tonight when I maybe...

Adaptive Penetration Testing 7: Rogue AP and the Blackout Jammer

Kevin Mitnick and Dave Kennedy share two more pentest stories: one involving a rogue certificate and the other one based on exploiting powerline communication. Dave: We have a little bit time left, so Kevin do you want to fly through this one? This is the external and wireless penetration test (see...

Adaptive Penetration Testing 6: The Teensy Attack

What’s described here is another somewhat hilarious security assessment story, where a company got compromised through keyboards presented to the IT staff. Dave: The next one is Company 2, which is malicious media. This actually happened this month. It was an engagement that I was working on. It’s a...

Adaptive Penetration Testing 5: Physical Part of the Compromise

The InfoSec celebrities narrate the details of another facet of the assessment, where the company’s premises and IT infrastructure were physically trespassed. Dave Kennedy: Kevin, by far, is one of the most meticulous people I’ve met. I mean, for me it’s kind of a hack job, I’m like “Oh, this...

Adaptive Penetration Testing 4: Windows UAC Bypass

Dave Kennedy and Kevin Mitnick discuss a method to circumvent User Account Control on Windows by means of a Java applet and the Social-Engineer Toolkit. Dave: What I’m going to show you here is a demonstration of that actual bypass using the Social-Engineer Toolkit and the Java applet. What I’m going to...

Adaptive Penetration Testing 3: Prep for a Software Vendor Compromise

Moving on from theory to practice, Kevin Mitnick and Dave Kennedy share some experience on extensive preparation for an actual software company breach. Dave: Our first demo is Company 1, which Kevin was doing assessment on in December 2010. Kevin: It was a company that developed software for the financial...

Adaptive Penetration Testing 2: Real vs Simulated Breach

Dave Kennedy and Kevin Mitnick focus on nuances of real-world company breaches as opposed to simulated ones and explain why the former are more instructive. Dave Kennedy: We are the only industry that I know of who keep increasing their budget, keep increasing their capital expenditures, and continue to get...

Adaptive Penetration Testing by Kevin Mitnick & Dave Kennedy

Computer security gurus Kevin Mitnick and Dave Kennedy taking the floor at DerbyCon to explain the concept of adaptive pentesting and cover its advantages. Dave Kennedy: Thanks everybody for coming for the talk! Obviously, Kevin Mitnick and myself wanted to get together and get a talk around adaptive...

Masquerade 5: Closing Thoughts

Before winding up with the presentation, Ryan Lackey and Marc Rogers provide some final details on the travel routers and answer DEF CON audience’s questions. Ryan Lackey: So, out of this full range of hardware we needed to come up with initial piece of hardware that we wanted to support as a development...

Masquerade 4: Introducing Secure Travel Routers

The experts finally get to the point of integrating different hardware and firmware components into a single device intended for one’s security when traveling. Marc Rogers: There are Tor pluggable transports (see right-hand image), which is a great tool. There are seven of them that are live right now, I...