A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Harness the Force for Better Penetration Testing - Patrick Fussell GrrCON 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

Harness the Force for Better Penetration Testing
Patrick Fussell
GrrCON 2015

The process of collecting evidence during a penetration test is rife with pitfalls, but when done effectively greatly increases the effectiveness of the testing itself and communication of the results to the customer. In fact, careful notation can sometimes illuminate the foothold needed to compromise a network that would otherwise have gone unnoticed. While many tools exist to assist with the collection of data they do not inherently engender a methodology leaving the assessor to work out their own process. We will review some effective documentation strategies as applied to real world penetration tests and how they have helped with the success of the engagement itself as well as greatly improving all follow on communications with the customer. We will use a set of scripts (presented with the talk) and the DOT language as a simple and extensible way to assist in this goal.

Back to GrrCON 2015 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast