./kedeshur

Dave Kennedy is closing the talks out at WWHF 2019 by sharing knowledge related to how he’s been approaching the last 10 security assessments that he’s been on. He shares ideas in this talk about how one can include social engineering considerations when performing security assessments by tailoring the way in which the system is being controlled so that the contents of security alerts (if the attack behavior is detected) have a higher likelihood of leading a Security Operations Center to a conclusion that is beneficial to the attacker (e.g. the detected behavior is benign).

Deviant Ollam owns multiple security consulting companies and put together a great presentation for the 2019 Wild West Hackin’ Fest. He’ll be walking us through the dos and don’ts that he’s discovered. While I usually feel like I’m capturing the essence of technical talks, talks like this one by an engaging speaker like Deviant are best viewed in their entirety. Nonetheless, the ideas he shared are worth attempting to summarize. To start, there’s multiple thoughts discussed by other people that influenced this talk.

For the first 5 Minute Conference Talk (5MCT) series, Tim MalcomVetter — Director of Red Team Operations — shares ideas on how an internal red team can best provide value, how that value can be measured, and characteristics of common security postures found at companies. While originally presented in the context of an internal red team, the ideas are equally useful for how a penetration tester interacts with their clients.