thoughts on things
Mike Saunders is a principle consultant for Red Siege Information Security who will be sharing his thoughts with us on how to approach assumed breach scenarios in a way that’s intended to resolve current issues with today’s pen testing. A large part of this con talk focuses on tools that get used during these assumed breach scenarios.
Dave Kennedy is closing the talks out at WWHF 2019 by sharing knowledge related to how he’s been approaching the last 10 security assessments that he’s been on. He shares ideas in this talk about how one can include social engineering considerations when performing security assessments by tailoring the way in which the system is being controlled so that the contents of security alerts (if the attack behavior is detected) have a higher likelihood of leading a Security Operations Center to a conclusion that is beneficial to the attacker (e.g. the detected behavior is benign).