How to (Not) Get Owned
About the Speaker
Penetration Tester at Sword & Shield Security
Andrew is a penetration tester by day, wannabe security researcher by night, the CEO of his laptop, and general trouble maker. Andrew has been interested in computer security as far back as he can remember. He is a contributor to multiple open source security projects including OWASP, Metasploit, and PowerSploit. He has identified and reported multiple security vulnerabilities in high profile software including video conferencing products, file sharing products, content management systems, and security products. He currently works for Sword and Shield Enterprise Security.
It seems about every other day I read some poorly written article talking about "so and so got hacked" providing no detail of any use except "it was the APTz and they used 0dayz n' stuff". One the other hand, other articles that make headlines are discussing "Researchers break SSL" and what they forget to mention/dont understand is that in the fine print it says the browser has to be running some specific configuration and the server has to be angled in some strange way and you need to have at least three NICs installed for there to be a chance that a cookie will be intercepted. This talk will attempt to detail multiple real world attacks (ones that actually get you owned) in a "lessons learned" format.