A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Flourishing in a Hostile Work Environment - Dennis Goodlett Bsides Cleveland 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

Flourishing in a Hostile Work Environment
Dennis Goodlett

Abstract: This is a tale of Dennis’ first real job, as a penetration tester, at a company that is so into security that even the employees must maintain their own defenses… against each other. The story goes from his first day on the job, when he caught a system administrator adding a backdoor before his OS was even finished installing, to the entire office environment becoming a miniature version of threat models that clients would be facing in the real world every day (but probably worse). This presentation covers the attacks Dennis has successfully used against his co-workers and the defenses he has employed to protect himself. Explanation: The presentation will include: the attacks Dennis has used to break into his co-workers (both successfully and unsuccessfully) as well as the defenses he has put in place. The nature of these attacks almost always relies on social engineering. Dennis will be releasing the source code of all attacks/defenses that he has developed. He will also go into detail on his unique Linux setup (both its strengths and weaknesses). What Makes This Interesting? The subtext of this talk is the policy of Dennis’ employer (the one who allows the office mayhem to continue). It provides a unique way to inspire creativity and ensure that ALL measures are taken to secure a system. It also gives employees an avenue to learn new attacks/defenses that one might not see in your average pentest.

After getting a degree in Mathematics from Miami University, Dennis spent the following Summer performing magic on the mean streets of Newport, Kentucky. The only payment he asked for was a grown up job. Hurricane Labs was kind enough to take him in and give me a chance. So far they have yet to fire him (despite a few threats) and he's managed to become a vital member of the penetration testing team.

Back to Bsides Cleveland 2015 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast