In today's mainstream penetration testing and Red Team environments we feel that the teams are relying too much on noisy scanners. In part making for a large group of scanner monkeys. This talk is bringing back old school ways with a new flavor, a new flair to prove that those techniques still work in the majority of engagements that many of us are involved in. The problem with many tools is not only how noisy they can be, but also the amount of logic and decision making that goes on under the hood without any human input. We want to show manual testing of a web application in order to: 1. Make a pentester a valuable asset that won't be replaced by a tool. 2. Demystify the idea that scanners are necessary for pentesting. 3. Show how you can become a stealthy attacker.

Justin Whitehead Security and Forensic Analyst at One World Labs in Denver, CO. Justin received his Bachelors of Science in Computer Information Systems with a focus in Computer Forensics. His certifications include: CompTIA Security+, ITIL Foundations, CHFI, CCFI, CEH, CPT and ACE.

@3uckaro0

Back to Derbycon 2015 video list