Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube. ... https://www.youtube.com/watch?v=4iwu-otuw-E
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
...
https://www.youtube.com/watch?v=Yf4faXP8VrY
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
...
https://www.youtube.com/watch?v=0FV53NKzA84
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
...
https://www.youtube.com/watch?v=6la9gUFspPA
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
...
https://www.youtube.com/watch?v=33Jr1wkaCmQ
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
...
https://www.youtube.com/watch?v=QeSmflCEZeA
Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools
Wesley McGrew Director of Cyber Operations, HORNE Cyber
Following previous presentations on the dangers penetration testers face in using current off-the-shelf tools and practices (Pwn the Pwn Plug and I Hunt Penetration Testers), this third presentation explores how widely available learning materials used to train penetration testers lead to inadequate protection of client data and penetration testing operations. With widely available books and other training resources targeting the smallest set of prerequisites, in order to attract the largest audience, many penetration testers adopt the techniques used in simplified examples to real world tests, where the network environment can be much more dangerous. Malicious threat actors are incentivized to attack and compromise penetration testers, and given current practices, can do so easily and with dramatic impact.
This presentation will include a live demonstration of techniques for hijacking a penetration tester's normal practices, as well as guidance for examining and securing your current testing procedures. Tools shown in this demonstration will be released along with the talk.
Wesley currently oversees and participates in penetration testing in his role of Director of Cyber Operations for HORNE Cyber Solutions. He has presented on topics of penetration testing, vulnerabilities, and malware analysis at DEF CON and Black Hat USA. He teaches a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley graduated from Mississippi State University's Department of Computer Science and Engineering and previously worked at the Distributed Analytics and Security Institute. He holds a Ph.D. in computer science for his research in vulnerability analysis of SCADA HMI systems.
@McGrewSecurity
...
https://www.youtube.com/watch?v=v-7zfbQpsmQ
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
...
https://www.youtube.com/watch?v=PqhOMoa7p4s
Mike Principal Cyber Security Engineer, The MITRE Corporation
We've all worked on ‘closed systems’ with little to no direct Internet access. And we've all struggled with the limitations those systems put on us in the form of available tools or software we want to use. I didn't like struggling, so I came up with a method to load whatever I wanted on to a closed system without triggering any common security alerts. To do this I had to avoid accessing the Internet or using mag media. In the end all I needed was an office multi-function machine and Excel. It's all any insider needs.
For my presentation and demo, I'll show you how I delivered a select group of PowerSploit tools to a clean, isolated machine. Of course, Excel has been known as vector for macro viruses for quite some time and some of the techniques--such as hex-encoding binary data and re-encoding it on a target machine--are known binary insertion vectors but I have not found any prior work on an insider using these techniques to deliver payloads to closed systems. You'll leave my presentation knowing why Excel, umm, excels as an insider attack tool, how to leverage Excel features to load and extract arbitrary binary data from a closed network, and what to do if this really frightens you.
Mike has over 20 years experience in the military. He has been part of everything from systems acquisition, to tactical intelligence collection, to staff work, to leading a unit dedicated to data loss prevention. He recently retired from active military service and is now working as a systems security engineer. This is Mike's first security conference presentation and will also be the first public release of a tool he has written. Mike has previously published twice in 2600 magazine. Mike is super proud of his OSCP certification. He's also a CISSP.
Twitter: @miketofet
...
https://www.youtube.com/watch?v=PV-FDEkVwNc