Bsides Leeds - hacker of all master of none.pptx (1)

Andy Gill's Slides from BSides Leeds

  1. Hacker of All Trades Master of None Andy Gill
  2. Obligatory Who Am I… @ZephrFish on all of the Internet. Work as a Security Consultant @PenTestPartners Kicker/Breaker/Hacker/FilmGoer in my Nights Wrote a Book about Learning Things Black Belt in Karate, so not only a Keyboard Warrior
  3. The Plan for Today Understanding pentesting Some Tips & Some Tricks Lessons Learned The different trades a tester may have How to be more Business-ey As a pentester/hacker…
  4. PENETRATION... Testing Take a min, have a giggle, you know you want to!
  5. But really, what is it? Expectation: Popping shells all day long, hacking all the things Reality - A massive human aspect - lots of breaking, fixing and helping
  6. Tricks of the Trade... The Good the Bad & the Down right Ugly… tips! The Do’s ● RTFM ● Don’t Be Afraid to Google Like a MF Ninja ● Actually Use the App before you Abuse it... ● Always try http & https on random ports, you’d be surprised
  7. Tips (Cont) Don’t Do These Things Bad Things can happen...
  8. Lessons Learned… Going ON-SITE 101
  9. Winging it... Most folks are winging it, if they tell you they’re not they’re lying or just old… Not Winging in the Sense “I have no idea what I’m doing” but more that every day is a new learning opportunity. It works 50% of the time 100% of the time
  10. A tester can have many Hats Not the Good Guy/Bad Guy Scenario More the range of trades and teams one tester will liaise with.
  11. Being a better Business Hacker RCE, XSS, CSRF, SSRF, BEAST, POODLE, ROBOT, SSL BUZZ WORD BINGO
  12. Learning to be a People Person
  13. How to Find Me. https://twitter.com/ZephrFish https://blog.zsec.uk https://leanpub.com/ltr101-breaking-into-infosec https://www.pentestpartners.com
  14. Any Question?
