An Advanced Persistent Pentester is always willing to go the extra mile, working smarter, and harder to achieve success. An Advanced Persistent Pentester is always willing to go off script, creatively inventing new concepts, new tools, and techniques to get the job done. We all use automated tools and techniques to construct advanced malware which allows for expeditious entry, escalation, persistence and post exploitation during engagements. What happens when the standard tools, and techniques are just not good enough? This talk will examine several different escalation, lateral movement, and post exploitation case studies talking about the various creative approaches in solving problems along the way, capturing the flag(s), and pushing to the extremes of threat modeling the real world information security environment. It was reported that in 2015 it took an average of 146 days to detect an attacker. How can successfully mimic the impact of having that much time to pillage a network in less than a week?

Beau Bullock: Beau has held positions in the financial and health industries and has experience with all aspects of enterprise network security including penetration testing, vulnerability analysis, data loss prevention, wireless security, firewall management, and employee security training. Beau is a Hack Naked TV host, and frequent speaker at industry events. Derek Banks: Derek has over 20 years of experience in the IT industry as a systems administrator for multiple operating system platforms, and monitoring and defending those systems from potential intruders. He has worked in the aerospace, defense, banking, manufacturing, and software development industries. Derek has experience with creating custom host and network based monitoring solutions. Joff Thyer: Joff has over 15 years of experience in the IT industry in roles such as enterprise network architect and network security defender. He has experience with intrusion detection and prevention systems, penetration testing, engineering network infrastructure defense, and software development. Joff also co-hosts the Security Weekly podcast.

Beau: @dafthack, Derek: @0xderuke, Joff: @joff_thyer

Back to Derbycon 2016 video list