SIEGECAST: Assumed Breach Part I

Описание: #cybersecurity #hacking #infosec

https://redsiege.com/

Penetration Testing
Web Application Penetration Testing
Ransomware Readiness Assessment
Mobile App Assessment
Remote Access Assessment
Purple Team
Red Team & Adversary Emulation

Let our offense, prepare your defense.
[email protected]
______________________________________________________________

Today, Red Siege is talking about the shortcomings of the traditional penetration test, and through different techniques and tools to deliver (and receive) a higher value penetration test.
SiegeCast: "Assumed Breach Part I"
Presented by
Tim Medin ( [email protected] )

Traditional penetration testing often concedes internal access to the tester, but then the tester does a lot of scanning and poking around. This is not representative of most breaches. Most breaches start with a phish and the adversary effectively starts with access as one of your users on one of your systems. Are you prepared to defend?

Slides: https://redsiege.com/ab1

Follow Us
Twitter:   / redsiege  
Facebook:   / rsiege  
Linkedin:   / redsiege  

_______________________________________________________

Red Siege Founder: Tim Medin ([email protected])
Twitter: @timmedin

Red Siege is an information security consulting company that concentrates on the latest threats to organizations today. We perform in-depth analysis, determine organization/business risk, and find the vulnerabilities before the bad guys do. Our team includes internationally renowned experts who have been featured in international news outlets and conferences, including The Wall Street Journal, The Washington Post, a News Channel Asia Documentary.

https://redsiege.com

#hacking #redteam #penetrationtesting #pentest

00:00 Assumed Breach Pt 1
00:10 Introductions
00:38 Table of Contents
1:53 Part 1 - Traditional Pen Tests
8:34 Part 2 - The Attackers
10:06 Top Threat Actions
12:23 Phishing Statistics
13:37 Breach Actions
14:00 Part 3 - Risk Focus
16:18 Never Assume - Always Ask the Dumb Question
22:01 Domain Admin
23:52 Part 4 - Assumed Breach
24:28 Making Good Decisions
27:30 Access Via 0-Day
31:12 Assumed Breach
33:07 Pwnage Without DA
34:48 Network Shares
39:01 Domain Password Spray
40:22 Wrap-up & Questions