
Proactive Defense – Eliminating the Low Hanging Fruit — Matt Kelly (Circle City Con 2014 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)


Abstract: Every year the pen testers (or bad guys) come in, they find that one missing 08_067 or default tomcat password and own the network. This talk was inspired by the frustration of constantly running into the same exact issues on penetration tests, and the huge challenge IT has in securing their network. This talk will go over the top security failures we find and, more importantly, easy things blue teams can do to get rid of the low hanging fruit and make your pen testers work hard to escalate privileges. This will not simply highlight vulnerability scan results, but things we see vulnerability scanners consistently miss. It will cover things from network traffic manipulation (network protocols and client side services) and go over automated ways you can easily find those bad passwords, exploitable machines, default tomcats, SQL issues, reused local admin, and more, with some quick tricks to mitigate the problems that have plagued our industry for years. There is no blinky box involved; this talk is all about things security engineers can do quickly without breaking the budget, while still having a real impact on network security.

Author Bio: Matt Kelly is a senior consultant with EY’s Advanced Security Center focused on attack and penetration. Previously Matt was a security consultant for Crowe Horwath. His primary focus is in penetration testing ranging from network, web application, physical security and wireless assessments. Matt recently moved to Houston from Chicago and hasn’t stopped sweating since. Also – boilerup!


Copyright 2020, IronGeek