A dedicated attacker does not have time limitations when attempting to find vulnerabilities in a target. As a penetration tester, you are bound by certain restrictions, including scope, attack methods, and time/date restrictions. Because of these restrictions, it’s helpful to prioritize certain targets over others to increase your chances of breaking in. This talk will cover scenarios, which raise red flags for us, why, and how to develop your own sense of intuition.

Dan Crowley / Chris Vinecombe

Daniel Crowley – Daniel (aka “unicornFurnace”) is an Application Security Consultant for Trustwave’s SpiderLabs team. He has been working in the information security industry for over 7 years and has been focused on penetration testing, specifically on Web applications. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel has developed configurable testbeds such as SQLol and XMLmao for training and research regarding specific vulnerabilities. Daniel enjoys climbing large rocks. Daniel is a frequent speaker at conferences including DEFCON, Shmoocon, and SOURCE. Daniel does his own charcuterie.

Chris Vinecombe is an Application Security Analyst for Trustwave’s SpiderLabs team. He has been working in the information security industry for 2 years. He currently focuses on penetration testing, specifically web application security. He is eager to learn ALL the things.

 

Back to Derbycon 2012 video list