A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


How not to suck at pen testing - John Strand Derbycon 2014 (Hacking Illustrated Series InfoSec Tutorial Videos)

How not to suck at pen testing
John Strand
Derbycon 2014

Godamitsomuch. How did printing a report from a vuln scanner qualify as a “pen test”? Why are your testers ignoring low and informational findings? In this presentation, John will cover some key components that many penetration tests lack, including why it is important to get caught, why it is important to learn from real attackers and how to gain access to organizations without sending a single exploit, and how to look for other attackers on the network. Additionally, John will show you how to bypass “all powerful” white listing applications that are often touted as an impenetrable defense.

Back to Derbycon 2014 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast