Explore intelligence-led penetration testing in this 26-minute Security BSides London conference talk by Cam Buchanan. Learn how to evolve penetration testing methods to combat sophisticated cyber-attacks by incorporating threat intelligence and OSINT. Discover BAE Systems' approach to collecting, repurposing, and mimicking real attack toolkits attributed to threat actors. Gain insights into turning threat intelligence reports into actionable tests, emulating distinct attack groups and tools. Understand the process of applying this knowledge to STAR and intelligence-led penetration testing assignments. Topics covered include threat intelligence, DLLs, watering hole attacks, DLL sideloading, JPEG steganography, and potential drawbacks of these methods.
Overview
Syllabus
Intro
Threat Intelligence
DLLs
Watering Hole Attack
dll sideloading
JPEG stego
Cons
Summary
Taught by
Security BSides London
Related Courses
-
Penetration Testing, Threat Hunting, and Cryptography
-
Penetration Testing Execution Standard (PTES)
-
Open Source Intelligence (OSINT) Fundamentals
-
Stories from the Front Line - Forensic Investigation and Incident Response
-
PASTA Threat Modeling: Leveraging Incident Response and Threat Intelligence for Tactical Penetration Testing
-
Know the Enemy - How to Make Threat Intelligence Work
