Every few weeks we hear news of another large corporation, or government agency being hacked. The press goes wild with these stories, and are always surprised how this could happen. The fact of the matter is that securing a large complex network today is a nearly impossible task. Even with a "perfect" technical solution, we can never remove the largest threat... the human factor. As security professionals, we can not just assume that our mitigation will prevent an intrusion. We also need to realize that it is very likely that there are already threats inside the network. So how would you know? What could they be doing that you aren't seeing? Jeff Pullen, will demonstrate how these threats could be hiding themselves on the servers and workstations you access every day. How subtle modifications of configuration files, or shell wrappers around binary files can threaten your critical systems and data. These techniques don't require advanced programming or expensive exploits. This is a talk on post exploitation "hacking", for Penetration Testers and System Administrators familiar with Linux.

Jeff Pullen joined the VA Army National Guard Data Processing Unit (DPU) in 2003, and has served in various Information Security roles. Mobilized from 2008-2011 with Joint Functional Component Command Network Warfare and later US Army Cyber Command. Then again mobilized in 2012 with the Army Web Risk Assessment Cell. He now serves as a Squad Leader in the DPU Cyber Opposing Force Branch. This branch is composed of highly talented Soldiers, tasked with providing a realistic and dynamic Cyber adversary to train against. On the civilian side, Jeff has specialized in all things Linux and Virtualization and is currently a Senior Consultant for Red Hat Public Sector Consulting.

Back to SecureWV 2015 video list