We are hackers, we think like hackers, and unfortunately at the end of the day we have to return all the money we stole. What an amazing job, the ability to rip into computer systems and have free reign over years of millions of dollars of investment. Our industry right now is in flux; it's changing all the time and growing. Our next generation of pentesters needs to have the same mentality, the same belief on thinking like a hacker. This talk dives down into techniques we use on peentration tests and goes into how we hack. Sometimes a Metasploit module does the job and allows us into everything we need. Others we have to think differently, look at all of the information, and make a decision on the best entry into an organization. This talk will walk through specific techniques we've used in the past when confronted with a roadblock or challenge. Or just ways to make our lives easier. Think like a hacker, that’s what we are.

Dave Kennedy is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. David was the former Chief Security Officer (CSO) for a Fortune 1000 company where he ran the entire information security program. Kennedy is a co-author of the book "Metasploit: The Penetration Testers Guide," the creator of the Social-Engineer Toolkit (SET), and Artillery. Kennedy has been interviewed by several news organizations including CNN, Fox News, MSNBC, CNBC, Katie Couric, and BBC World News. Kennedy is the co-host of the social-engineer podcast and on a number of additional podcasts. Kennedy has testified in front of Congress on two occasions on the security around government websites. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. Kennedy is the co-founder of DerbyCon, a large-scale conference in Louisville Kentucky. Prior to Diebold, Kennedy was a VP of Consulting and Partner of a mid-size information security consulting company running the security consulting practice. Prior to the private sector, Kennedy worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions.

Larry has more than 15 years of experience in Information Technology. He is experienced in executing various security assessments for numerous organizations and industries, including health care, education, manufacturing, banking, insurance and foreign governments. His past experience in network security administration includes patch management, anti-virus administration, vulnerability management, intrusion prevention, internet gateway administration, Group Policy management and Active Directory administration. Larry also enjoys sharing his experiences on TrustedSec's blog as well as his own personal website,

Back to Bsides Cleveland 2015 video list