Brian Halbach presents a captivating talk at WWHF Deadwood 2022, focusing on the enduring effectiveness of older techniques in penetrating networks. As a seasoned pentester and having observed actual attackers, Brian highlights that simplicity can often yield impressive results in accessing a network. While newer exploits garner attention, he emphasizes the value of revisiting and understanding older attack methods that still find weak points in an organization’s defenses
Jason Downey shares his whirlwind experiences from his first year as a Penetration Tester. The talk is aimed at newer pentesters or those aspiring to enter the field, offering valuable insights that would have made his transition smoother and quicker. Jason candidly discusses the challenges he faced, the knowledge he gained, and the moments of self-doubt he encountered while hacking and learning at a rapid pace. He presents six crucial aspects that every pentester should know and offers tips to stand out to potential hiring managers
Not everyone taking a pen test class will want to be a penetration tester. Hence, we have organized this class to be a well-rounded experience, allowing both aspiring red teamers and blue teamers to get the most out of it. This class will provide students with hands-on experience with all phases of a penetration test, from information gathering to reporting.
In this training course, we will examine the different types of penetration testing engagements and take a deep dive into establishing a repeatable testing methodology for executing quality tests. We will look at some tools of the trade to understand what they are doing under the hood, identify what separates a great finding from a good finding in reports, and really zero in on establishing your own methodology!
Modern Webapp Pentesting is unique in its approach to testing webapps. Too many courses are built around the assumption that a webapp pentester’s skills should grow along a straight line, starting with something like the OWASP Top Ten and culminating in something like Attacking Web Cryptography. Real webapps don’t follow that same path, and neither should real webapp pentesters. This course doesn’t worry about where a student falls on the imaginary scale of beginner to expert but instead focuses on finding and exploiting the kinds of issues found in real webapps today, based on the instructor’s many years of ongoing experience in testing real webapps today.
Welcome to Dan DeCloss’ captivating YouTube video titled “A Case for Threat Informed Penetration Testing”! Recorded during his thought-provoking talk at Wild West Hackin’ Fest in Deadwood, SD, in October 2022, this presentation delves into the essential elements that go beyond the typical coverage of the MITRE ATT&CK framework or the OWASP Top Ten in penetration testing
