Overview
Syllabus
Intro
Crisis of Confidence
MissionAccomplished
Weve gotten to a point
Lack of control
Risk exposure
Global financial crisis
Nothing happens
A simple quick test
The problem with InfoSec
Quick Kill
Pen Testers
Poll
One Zero Day
Zero Day Splits
You Never Need Zero Day
Why Do We Need Zero Day
Are Our Attackers Using Zero Day
Mass Vonage
Aurora
HBGary
Charlie Miller
Tauntaun
Attack a Mess
Quick Lessons
Browsers are the weakest link
Browsers dont show up on pen test report
Current version of Java
Attacking Java
Ignoring ZeroDay
ZeroDay for Everything
Arms Race
In intractable problem
Professional pen testers
How to get data out of networks
Squeezer
Leader
Sequel Injection
Classic Case
Coverage
Market for Lemons
Penetration Testing is Harmful
Why is Penetration Testing so Popular
Hill Climbing Problem
Pen Test Standard
Elevation of Privilege
App Testing
PaperBased Testing
Gamification
Opponents
Zero Day
Will it make pen tests less fun
Focus on the customers problem
Show how clever you are
Do we need to change
Were in this bad spot
Antivirus
Integrity
Reset
Outro
Taught by
44CON Information Security Conference