Overview
Explore adaptive penetration testing techniques in this 59-minute conference talk featuring renowned security experts Kevin Mitnick and Dave Kennedy. Delve into the basics of penetration testing, examining forgotten aspects and current security spending trends. Compare real breaches with simulated scenarios, and learn about innovative tools like the System Profiler. Discover methods for profiling targets, bypassing Windows UAC, and executing various attack strategies, including the Teensy Attack and In-Line attack. Gain insights into jamming and sniffing techniques, Arduino device applications, and the Social-Engineer Toolkit v2.1. Enhance your cybersecurity knowledge with this comprehensive overview of modern penetration testing approaches.
Syllabus
Intro
The Basics of Penetration Testing
Have we forgotten?
Security Spend (Gartner)
Option 1 - A real breach
Option 2 - A simulated breach
Adaptive Pentesting
December 2010
System Profiler
Setting the Stage
Profiling the target
Bypassing Windows UAC
Lessons Learned
The attack
The Teensy Attack
In-Line attack
Testing the jammer/sniffer
The Arduino Device
Modifying the TW523
The working Jammer
The Social-Engineer Toolkit v2.1