Imagine starting your pentest with a shell. Better yet, a shell with privileges. Skip the web app. Forget bruteforcing. Hackers often take the path of least resistance, and so should you. Not a pentester? You can still do this, and defend your infrastructure. Full-Contact Recon will guide the audience through practical information looting from public sources like Travis-CI, GitHub, Data.com, and popular social platforms (LinkedIn, Twitter, etc). We will also release three tools to streamline the process. Coupled with experiences from actual red team operations; we will show you several ways to make your first connection a privileged shell.

int0x80 - int0x80 is the rapper in Dual Core. savant - savant is not in the sudoers file. This incident will be reported.

int0x80 - @dualcoremusic, savant - @savant42

Back to Derbycon 2017 video list