BSides London 2021

How we hacked your billion dollar company for forty-two bucks

Track 1

Jamie has been a full time penetration tester for over ten years, has tested everything from a hoover to a Cray and is quite enjoying it. Previously he worked as a developer, system administrator and for the "blue team".    
This talk will be about some common but surprising flaws found during a year of red teaming and how to check for, exploit and defend against them. In particular, combining several seemingly low-risk authentication problems can allow for a successful compromise of a user account without always resorting to phishing, giving the attacker a foothold within the organisation. None of these attacks are particularly novel, but the impact of chaining the individual issues does not seem to be well understood. We also digress slightly into an appeal against traditional infosec gatekeeping – partly because no special magic is required for these attacks, just a month or two’s use of a Linux VPS. Patience, curiosity and outright stubbornness help too, of course.