Description: As penetration testers, we often try to impact an organization as efficiently and effectively as we can to simulate an attack on an organization. What if you could own one system to own them all? That's it, one system. It's all you need, it's in every company, and as soon as you compromise it, the rest fall (no, not a domain controller). This presentation will cover a recent penetration test where I came up with a unique avenue to getting over 13,000 shells in just a few minutes by popping one server. I'll be releasing some custom tools to make this simplistic and automate the majority of what was used on this attack. Let's pop a box.
Dave Kennedy is the Chief Security Officer (CSO) for a Fortune 1000 company. Kennedy is the author of the book Metasploit: The Penetration Tester's Guide, the creator of the Social-Engineer Toolkit (SET), and the creator of Fast-Track. Kennedy has presented on a number of occasions at Black Hat, DEF CON, ShmooCon, BSIDES, Infosec World, Notacon, AIDE, Hashdays, Infosec Summit, and a number of other conferences. Kennedy is on the Back|Track and Exploit-DB development team and co-host of the Social-Engineer.org and ISDPodcast podcasts. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES), a framework designed to fix the penetration testing industry. Kennedy is a co-founder of DerbyCon, a large-scale security conference in Louisville, Kentucky. Kennedy <3's Python.
Twitter: @dave_rel1k
http://www.secmaniac.com/
Dave DeSimone is the Manager of Information Security for a Fortune 1000 company. DeSimone has developed, implemented, and operationalized the global vulnerability management program for multiple distinct international organizations. DeSimone's expertise is in penetration testing, security event response, network security, vulnerability/malware analysis and security architecture. DeSimone has also developed major programs including risk management, penetration testing, and application security.
Twitter: @d2theave
Tags: securitytube, hacking, hackers, information security, convention, computer security, defcon-20, defcon-2012