Learn essential strategies and techniques to improve your penetration testing skills in this comprehensive 52-minute conference talk by John Strand. Explore common pitfalls in pen testing, including scanning issues and the importance of looking beyond automated tools. Discover advanced techniques such as ISR Evilgrade attacks, DNS host analysis, and firewall log analysis for C2 detection. Gain insights on avoiding detection, expanding your testing scope, and adhering to the Penetration Testers Code of Ethics. Enhance your ability to identify vulnerabilities, conduct thorough assessments, and provide valuable security insights to organizations.
Overview
Syllabus
Intro
We Have a Problem
Scanning Issues
Looking for Red
Solution
Informational: Directory Listing
Informational: SMTP Server Found
Going Beyond Scanning
Getting Caught
One step forward...
ISR Evilgrade Attacks
Finding New Areas
Techniques: DNS
Host Analysis
C2: Firewall logs
Moving Forward
Penetration Testers Code of Ethics
