Description: Description: I’ve been on the conference circuit for the last year preaching the importance of thorough reconnaissance as a part of the penetration testing methodology. I’ve talked about the principles of reconnaissance, how to accomplish it quickly and effectively, and even released a few tools to help along the way. In my latest tool, the Recon-ng framework, the power of reconnaissance has been taken to a new level. In this talk, I am going to discuss and demonstrate the power of the Recon-ng framework by walking attendees through a live reconnaissance scenario which starts with the tester having nothing but the framework, and ends in the tester gaining credentials to the target environment. All without sending a single packet to the target network. Come a skeptic. Leave a believer. Reconnaissance is king.
Bio: Tim Tomes is a Senior Security Consultant, Research Specialist, and Developer for Black Hills Information Security with over 20 years experience in information technology and application development. During a 9-year career as an Officer in the United States Army, Tim spent three years as the Army Red Team Senior Team Leader and was the principle developer and manager of the Army’s first Cyber Defense Training Program (255S). Tim manages multiple open source projects such as the Recon-ng framework, the HoneyBadger Geolocation framework, and PushPin, is a SANS Instructor for SEC542 Web Application Penetration Testing, writes technical articles for PaulDotCom, and frequently presents at Security Conferences such as ShmooCon, DerbyCon, Hack3rCon, and Regional ISSA Conferences.
For More Information please visit : - http://www.irongeek.com/i.php?page=videos/derbycon3/mainlist
Tags: securitytube , hacking , hackers , information security , convention , computer security , derbycon-2013 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.