Saturday, November 13, 2021
This talk will be about some common but surprising flaws found during a year of red teaming and how to check for, exploit and defend against them. In particular, combining several seemingly low-risk authentication problems can allow for a successful compromise of a user account without always resorting to phishing, giving the attacker a foothold within the organisation. None of these attacks are particularly novel, but the impact of chaining the individual issues does not seem to be well understood. We also digress slightly into an appeal against traditional infosec gatekeeping – partly because no special magic is required for these attacks, just a month or two’s use of a Linux VPS. Patience, curiosity and outright stubbornness help too, of course.