Security/Conferences/DerbyCon2011: Difference between revisions
| Line 9: | Line 9: | ||
== PTES Panel == | == PTES Panel == | ||
A discussion panel of several well know penetration testers who are advocating the use of PTES (http://www.pentest-standard.org/index.php/Main_Page) as a standard framework for etheical penetration testing. Basically the CEH of pen testers. | |||
== Chris Nicerson: Gorillas in the Wire == | == Chris Nicerson: Gorillas in the Wire == | ||
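Review bot: the paragraph added under "== PTES Panel ==" has two spelling errors: "well know" should be "well-known" and "etheical" should be "ethical". The closing sentence, "Basically the CEH of pen testers.", uses CEH without expanding it and does not say in what sense PTES resembles it, even though the preceding sentence calls PTES a "standard framework". Either spell out the comparison or drop the sentence.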
Revision as of 02:49, 4 October 2011
Keynote HD Moore: Acoustic Intrusions
A very interesting talk that oddly ended up being a bookend to the last talk I went to. HD has come up with a tool called WarVOX (http://warvox.org/more.html) that can do all kinds of audio comparison. He used it to figure out that the safe in the hotel made a unique sound for each key; he could pick those sounds up in the hall through the walls and thus know the combination to a safe if he could hear it. It was also shown how he could run through voice mail boxes and find interesting sound patterns, or compare the voice on one voice mail to other phone voice mail and thus find the home address of a person. It could also be used to distinguish all kinds of different phone systems, modems, fax machines, etc. Essentially a very useful tool for penetration testers.
Johnny Long: Hackers for Charity Update
I had never heard of Johnny or his charity work, but nonetheless it was very interesting, and in the end this con of ~1200 raised more money for the charity than Def Con.
Kevin Mitnick + Dave Kennedy: Adaptive Pen Testing
This was basically a talk on all kinds of ways to penetration test and a framework for pen testers. They showed pwnie plugs and the Social-Engineer Toolkit (SET), gave demos, and told all kinds of stories around pen testing as an assessment for businesses.
PTES Panel
A discussion panel of several well-known penetration testers who are advocating the use of PTES (http://www.pentest-standard.org/index.php/Main_Page) as a standard framework for ethical penetration testing. Basically the CEH of pen testers.