Description: Ask your incident response team how often they see stand-alone meterpreter binaries. Now ask your tiger team how often they complete a project without using an exploit framework. See the disconnect? Remember when penetration tests were supposed to model what the black hats were actually doing? We're going to combat this trend head-on, put the forensic lens on a typical internal pentest, re-engineer penetration testing for stealth mode, and show where CVSS misses the mark as a measure of what to fix.
Tim Maletic is a consultant within the Penetration Testing team at Trustwave's SpiderLabs. Tim has been working in Information Technology since the birth of the web, and has focused full-time on information security since 2001.
Having served as a US Army Signal Corps Warrant Officer, Chris Pogue worked on digital forensic investigations and as a Cyber Security Instructor. In his role with SpiderLabs, Pogue performs investigations all over the United States, Central and South America, and the Caribbean Islands.
Tags: securitytube, shmoocon, shmoo con, hacking, hackers, information security, convention, computer security, shmoo 12, shmoocon 12, shmoocon-2012
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.