Bsides Leeds - hacker of all master of none.pptx (1)

Andy Gill's Slides from BSides Leeds

  1. Hacker of All Trades Master of None Andy Gill
  2. Obligatory Who Am I… @ZephrFish on all of the Internet. Work as a Security Consultant @PenTestPartners Kicker/Breaker/Hacker/FilmGoer in my Nights Wrote a Book about Learning Things Black Belt in Karate, so not only a Keyboard Warrior
  3. The Plan for Today Understanding pentesting Some Tips & Some Tricks Lessons Learned The different trades a tester may have How to be more Business-ey As a pentester/hacker…
  4. PENETRATION... Testing Take a min, have a giggle, you know you want to!
  5. But really, what is it? Expectation: Popping shells all day long, hacking all the things Reality - A massive human aspect - lots of breaking, fixing and helping
  6. Tricks of the Trade... The Good the Bad & the Down right Ugly… tips! The Do’s ● RTFM ● Don’t Be Afraid to Google Like a MF Ninja ● Actually Use the App before you Abuse it... ● Always try http & https on random ports, you’d be surprised
  7. Tips (Cont) Don’t Do These Things Bad Things can happen...
  8. Lessons Learned… Going ON-SITE 101
  9. Winging it... Most folks are winging it, if they tell you they’re not they’re lying or just old… Not Winging in the Sense “I have no idea what I’m doing” but more that every day is a new learning opportunity. It works 50% of the time 100% of the time
  10. A tester can have many Hats Not the Good Guy/Bad Guy Scenario More the range of trades and teams one tester will liaise with.
  11. Being a better Business Hacker RCE, XSS, CSRF, SSRF, BEAST, POODLE, ROBOT, SSL BUZZ WORD BINGO
  12. Learning to be a People Person
  13. How to Find Me. https://twitter.com/ZephrFish https://blog.zsec.uk https://leanpub.com/ltr101-breaking-into-infosec https://www.pentestpartners.com
  14. Any Question?