.

[Article]-Pen Testing Perfect Storm Pt. III: Network Reconstructive Surgery

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Mar 23, 2009 9:24 am

[Article]-Pen Testing Perfect Storm Pt. III: Network Reconstructive Surgery

Here's the info on tha last in this 3 part webcast series by SANS and sponsored by Core Security. As before, we will also host a post-webcast discussion with the 3 experts. Keep an eye out for the link at the top of the right column.

Permanent link: [Article]-Pen Testing Perfect Storm Pt. III: Network Reconstructive Surgery



EH-Net is pleased to announce the complimentary webcast, “Network Reconstructive Surgery,” Part III of the Pen Testing Perfect Storm webcast trilogy – featuring the return of SANS Pen Testing swashbucklers Ed Skoudis, Josh Wright and Kevin Johnson. The third and final installment of this popular webcast trilogy will focus on assessing the outside-in attack process, leveraging a seemingly innocuous website bug for full-scale control over the target network infrastructure. You'll learn how to take advantage of powerful tools including Ratproxy, the soon-to-be-released Yokoso! project and a recent browser exploit, as well as how a pentester can manipulate the not-so-helpful features in enterprise wireless networking systems. Combining concepts from web app, network, wireless and social-engineering attack techniques, this webcast will present practical tips for succeeding in a penetration test in ways that exceed that of independent analysis steps. In this finale webcast, you'll also gain insight into predictions by the pentest luminary team on the future of combined penetration tests, including the concept of "no holes barred" pentesting and the effect it will have on the future of enterprise security.

The third and final webcast in this series will take place Tues March 24, 2009 @ 1:00 PM EST. Following the webcast, attendees are invited to keep the conversation going with Kevin, Josh and Ed from InGuardians during discussions hosted by The Ethical Hacker Network (EH-Net), a free online magazine for security professionals. For at least one week after each webcast, the crew will make themselves available to answer your questions directly and candidly in EH-Net’s Community Forums. All discussions will remain freely available on EH-Net for your continued reference.



Don
Last edited by don on Mon Mar 23, 2009 12:26 pm, edited 1 time in total.
CISSP, MCSE, CSTA, Security+ SME
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Mon Mar 23, 2009 10:48 am

Re: [Article]-Pen Testing Perfect Storm Pt. III: Network Reconstructive Surgery

There are a fantastic series! If you haven't check them out do it. You can find the old ones here:

Part I - Combining Network, Web App and Wireless into the Ultimate Penetration Test
https://www.sans.org/webcasts/show.php?webcastid=91601

Part II - Anatomy of a Mutiny
https://www.sans.org/webcasts/show.php?webcastid=92109
twitter.com/timmedin | http://blog.securitywhole.com
<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Wed Apr 01, 2009 9:39 pm

Re: [Article]-Pen Testing Perfect Storm Pt. III: Network Reconstructive Surgery

Does anyone know where the third one was recorded at?  I have the first two and they are awesome, just missing the last one.

Thanks.
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Thu Apr 02, 2009 12:48 pm

Re: [Article]-Pen Testing Perfect Storm Pt. III: Network Reconstructive Surgery

twitter.com/timmedin | http://blog.securitywhole.com
<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Thu Apr 02, 2009 11:21 pm

Re: [Article]-Pen Testing Perfect Storm Pt. III: Network Reconstructive Surgery

timmedin,

Maybe I'm missing something, but that's the same link I went to for registration last time looking for the archived session.  I missed it and got sent a registration email instead.  The registration email has links to download the original two webcasts, but not the third.  The only link for the third webcast is to actually attend in real time and it isn't functional.  Does anyone know if there is a recording of this posted somewhere?

Thanks.
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Wed Apr 15, 2009 2:31 pm

Re: [Article]-Pen Testing Perfect Storm Pt. III: Network Reconstructive Surgery

These are the correct links:

•  Webcast recording:

https://coresecurity.webex.com/coresecu ... 82ECF723AE



•  Slide presentation:

https://coresecurity.webex.com/coresecu ... EE4464BA8F
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Mon Apr 27, 2009 9:10 pm

Re: [Article]-Pen Testing Perfect Storm Pt. III: Network Reconstructive Surgery

In the example here a reverse shell was established from the user to the attacker. Is there a tool to allow you to proxy requests through that shell? I don't mean uploading a proxy, but one that uses something like the telnet command to request pages.
twitter.com/timmedin | http://blog.securitywhole.com

Return to News Items and General Discussion About EH-Net

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software