SecDocs Feed for tag penetration testing

[Video] Google Hacking for Penetration Testers

Sun, 26 Feb 2012 12:20:53 +0100

Authors: Johnny Long
Tags: penetration testing
Event: DEFCON 13

[Audio] Google Hacking for Penetration Testers

Sun, 26 Feb 2012 11:58:24 +0100

Authors: Johnny Long
Tags: penetration testing
Event: DEFCON 13

[Slides] Kautilya: Teensy Beyond Shell

Sun, 05 Feb 2012 12:04:14 +0100

Authors: Nikhil Mittal
Tags: penetration testing
Event: Black Hat Abu Dhabi 2011
Abstract: As hackers, we have been exploiting the inherent trust by Operating System on Human Interface Devices for some time now. Teensy is a USB Micro-controller; a device which can act as a Human Interface Device when connected to a computer and is able to do the job pre-programmed in it. Many interesting things have been done using Teensy as a keyboard. We have mostly seen shells, many types of them. It is time we start looking at Teensy as a pentesting device capable of doing much more than popping shells. Introducing Kautilya, a toolkit which can be used to perform various pre-exploitation and post-exploitation activities. Kautilya aims on easing the use of attack vectors which traditionally require human intervention but can be automated using Teensy. Kautilya contains some nice customizable payloads which may be used for enumeration, info gathering, disabling countermeasures, keylogging and using Operating System against itself for much more. The talk will be full of live demonstrations.

[Paper] Kautilya: Teensy Beyond Shell

Sun, 05 Feb 2012 12:02:59 +0100

[Slides] Pentesting J2EE

Thu, 19 Jan 2012 06:49:24 +0100

Authors: Marc Schoenefeld
Tags: penetration testing
Event: Black Hat Federal 2006

[Slides] Client Side Penetration Testing

Tue, 17 Jan 2012 06:33:38 +0100

Authors: Max Caceres
Tags: penetration testing
Event: Black Hat EU 2006

[Slides] Stopping Automated Application Attack Tools

Mon, 16 Jan 2012 06:31:21 +0100

Authors: Gunter Ollmann
Tags: penetration testing
Event: Black Hat EU 2006

[Slides] IBM iSeries For Penetration Testers: Bypass Restrictions and Take Over Server

Fri, 13 Jan 2012 06:34:03 +0100

Authors: Shalom Carmel
Tags: penetration testing
Event: Black Hat EU 2006

[Slides] MatriXay—When WebApp&Database Security Pen-Test/Audit Is a Joy

Fri, 06 Jan 2012 13:08:59 +0100

Authors: Xiao Rong Yuan Fan
Tags: penetration testing
Event: Black Hat USA 2006

[Slides] Google Hacking for Penetration Testers

Fri, 30 Dec 2011 06:53:48 +0100

Authors: Johnny Long
Tags: penetration testing
Event: Black Hat EU 2005

[Slides] Google Attacks

Sun, 04 Dec 2011 06:28:33 +0100

Authors: Patrick Chambet
Tags: penetration testing
Event: Black Hat USA 2004

[Slides] Automated Penetration Testing

Wed, 02 Nov 2011 06:52:23 +0100

Authors: Ivan Arce Max Caceres
Tags: penetration testing
Event: Black Hat USA 2001

[Audio] SHODAN for Penetration Testers

Tue, 22 Mar 2011 05:25:06 +0100

Authors: Michael Schearer
Tags: penetration testing
Event: DEFCON 18

[Slides] SHODAN for Penetration Testers

Tue, 22 Mar 2011 05:25:06 +0100

Authors: Michael Schearer
Tags: penetration testing
Event: DEFCON 18

[Video] SHODAN for Penetration Testers

Tue, 22 Mar 2011 05:25:06 +0100

Authors: Michael Schearer
Tags: penetration testing
Event: DEFCON 18

[Video] Programmable HID USB Keystroke Dongle: Using the Teensy as a pen testing device

Mon, 31 Jan 2011 05:25:11 +0100

Authors: Adrian Crenshaw
Tags: penetration testing
Event: DEFCON 18

[Audio] Programmable HID USB Keystroke Dongle: Using the Teensy as a pen testing device

Mon, 31 Jan 2011 05:25:10 +0100

Authors: Adrian Crenshaw
Tags: penetration testing
Event: DEFCON 18

[Slides] Programmable HID USB Keystroke Dongle: Using the Teensy as a pen testing device

Sun, 30 Jan 2011 14:43:59 +0100

Authors: Adrian Crenshaw
Tags: penetration testing
Event: DEFCON 18

[Slides] No More of the Same Bad Security: Why the OSSTMM 3 is Threatening Modern Security Practices

Thu, 13 Jan 2011 19:03:41 +0100

Authors: Pete Herzog
Tags: penetration testing
Event: Hashdays 2010
Abstract: Modern security has become just a dance-off between jargon and products. Enterprises are doing what their being told by compliance requirements, books, and blogs and it's not working or it's not scaling. The problem is we are being taught to build defenses like consumers and it fails us again and again. Then most of us learn to late however that it's failed because the verification methods and security metrics provided are biased or indirect and therefore point out unmanageable and imaginary cause/effect relationships. That's why ISECOM took a different direction with the OSSTMM 3. This short seminar will explain how and why the OSSTMM 3 is nothing like security that you know. There's no Risk analysis, no threat analysis, no patching, and no security awareness yet it works efficiently and economically. The operational security metrics and trust metrics you will see in action are realistic and allow for immediate and accurate defensive changes in your tactics and overall strategy. The OSSTMM 3 will challenge what you think you know about security. Be prepared to be amazed.

[Slides] Red Teaming

Sun, 26 Dec 2010 05:25:14 +0100

Authors: Michael Jordon
Tags: penetration testing
Event: Ruxcon 2010

[Slides] No Holds Barred’ Penetration Testing

Thu, 23 Dec 2010 05:25:16 +0100

Authors: Jarrod Loidl
Tags: penetration testing
Event: Ruxcon 2010
Abstract: This presentation aims to explain why security consultancies are losing the war in providing meaningful value to clients in Australia and what the security industry must do to affect positive change. Conversely, this talk will also cater to potential clients who wish to commission penetration tests what they need to do in order to gain the greatest value from them by creating an environment that is accepting of the problems and a willingness to properly remediate findings. This talk is not intended to pinpoint blame but rather provide an industry update with some context. While the conclusions can be debated, the evidence presented will be irrefutable that changes are needed. This presentation will be delivered by someone who has walked both sides of the fence - the client's side having hired multiple professional penetration testing teams and driven remediation efforts, to the consulting side and seeing the commercial realities facing consultancies and the pain experienced by multiple clients.

[Video] Metasploit Pro - An HD Moore Production

Sun, 19 Dec 2010 05:25:15 +0100

Authors: H.D. Moore
Tags: penetration testing
Event: SecTor 2010

[Video] Beyond Exploits: Real World Penetration Testing

Thu, 02 Dec 2010 19:59:10 +0100

Authors: H.D. Moore
Tags: penetration testing
Event: SecTor 2010

[Slides] Beyond Exploits: Real World Penetration Testing

Thu, 02 Dec 2010 19:40:37 +0100

Authors: H.D. Moore
Tags: penetration testing
Event: SecTor 2010

[Video] Turn-Key Pen Test Labs

Sat, 20 Nov 2010 12:08:42 +0100

Authors: Thomas Wilhelm
Tags: penetration testing
Event: PhreakNIC 11
Abstract: Currently, those interested in learning how to professionally conduct Information System Penetration Tests have very little options available to them - they can either illegally attack Internet-connected systems, or create their own PenTest Lab. For those who prefer to avoid legal complications, they really only have the last option - a lab. However, this can be a very complicated and expensive alternative. In addition, scenarios have to be created that actually represent real-world scenarios; for a beginner this is a Catch-22 since they don't yet have the experience to even know what these scenarios might look like, let alone design them in a challenging way. In order to provide a simply way for both beginners and experts to improve their skills in Penetration Testing, I have designed what is, in effect, a Turn-Key Pen Test Lab using LiveCDs and minimal equipment requirements. The LiveCDs each represent different scenarios that mimic real-world systems and services, which provide essential challenges to improve critical skills in the field of Pen Testing.

[Video] Malicious USB Devices: Is that an attack vector in your pocket or are you just happy to see me?

Sun, 14 Nov 2010 06:12:57 +0100

Authors: Adrian Crenshaw
Tags: penetration testing
Event: PhreakNIC 14

[Video] Physical Penetration Testing

Sat, 13 Nov 2010 10:47:04 +0100

Authors: Brian Martin Keith Pachulski
Tags: penetration testing
Event: ShoeCon 2010

[Video] Operating in the Shadows

Tue, 09 Nov 2010 21:24:25 +0100

Authors: Carlos Perez
Tags: penetration testing
Event: Hack3rCon 2010
Abstract: Operating in the Shadows: The presentation covers what are the most common artifacts that are left during a pentest, how to reduce this number and operate in a way to make it harder to detect the presence of the pentester and reduce the amount of information left on the target host by using Meterpreter and it's capabilities.