Last year, the CBI Red Team huddled in a room one day and discussed the need for a privilege escalation workflow. We needed a way to prioritize the attack vectors used on our engagements based on the time it takes to execute and the probability of success. We will accomplish a few objectives with this presentation; talk about the value of prioritizing privilege escalation through workflows, show that traditional missing patch vulnerabilities are no longer as useful as they used to be, and walk through various attack vectors. We will empower the audience to understand what attack vectors are more successful than others, and will discuss preventative controls for each attack.
Shaun is the VP of the Red Team at CBI, and brings 15 years of experience in the information security field with a core focus of providing penetration testing and vulnerability assessment services to enterprise organizations. Shaun has been CISSP certified since 2004 and proficient in several technical services: AV obfuscation, social engineering, exploit development, critical systems protection, endpoint security, event management, incident response, intrusion detection, ICS/SCADA, and malware prevention. Shaun also has experience teaching security classes at various universities, including the University of Michigan and Eastern Michigan University. He is also a frequent speaker at security conferences and local hacking groups. Shaun is a member of the Hacker Hall of Fame for Constant Contact, Evernote, and Symantec and was recently a medal recipient for the Hack The Pentagon and Hack The Army bug bounty programs.
If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek