A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Adding Pentest Sauce to your Vulnerability Management Recipe - Luke Hudson, Andrew McNicol BSides NOVA 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Adding Pentest Sauce to your Vulnerability Management Recipe
Luke Hudson, Andrew McNicol
@3z57uff @primalsec
BSidesNOVA 2018

Adding Pentest Sauce to your Vulnerability Management Recipe, will discuss the question we often get after performing a penetration tests: "Why didn't I see some of these vulnerabilities during our vulnerability scans?". We will discuss flaws that both attackers and pentesters exploit and why they do not typically show up in a Nessus, Nexpose, or [insert-vuln- scanner-name- here] scan. Most senior penetration testers and attackers will seldom leverage a vulnerability scanning tool as it's very noisy on a network and can get you detected/removed/bandwidth issues/etc. We will also discuss why many good pentesting techniques require manual testing and a creative attacker mindset. Lastly, we will review several things pentesters do regularly that could be adopted into a vulnerability management program. In the end we hope to share some tips and tricks that pentesters use so that others can adopt these techniques and raise the bar of any vulnerability management program.

Luke Hudson, Andrew McNicol

Luke Hudson is a security engineer who is enthusiastic about vulnerability enumeration and exploitation. Previously, he was a Subject Matter Expert (SME) for DoD’s vulnerability management project before moving to focus on penetration testing and offensive security. He is one of the founders and lead authors of Primal Security Podcast, focusing on creating information aimed at fellow security professionals. Luke currently holds a large variety of Information Security certifications, including OSCE, OSCP, OSWP, GISCP, GCFA, GPEN, GWAPT, GWEB, CISSP, CEH, etc.

Andrew is driven by his passion for helping organizations identify exploitable vulnerabilities before an adversary. He is currently the CTO at BreakPoint Labs specializing in offensive security services, mentor for SANS, and one of the founders and lead authors of Primal Security.

Back to BSides NOVA 2018 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast