Presentation title: Stealth Pentesting: IT doesn't know we're here, presented at BsidesDFW2013

by Ryan Reynolds, Tony James

Summary: Attackers break in, steal all the info and don’t even battle with any of the company’s defenses. As a result the company buys a pentest in order to “test their security”. So a firm gets hired and runs Appscan, Nessus or Metasploit, and informs management of all the “holes” in the environment, but this doesn’t mimic a real-world attack. The bad guys aren’t running Nessus or Nmap to breach a company and steal their data; they aren’t even guessing “Password1”. This talk will demonstrate the common ways attackers breach an internal network and obtain the goods of the company without tripping any alerts. It will go beyond a standard pentest/vulnerability assessment and will demonstrate how the bad guys use the company’s systems against them and the ways real attackers break in under the radar. Techniques covered include using built-in host functionality, network reconnaissance methods, routing protocol insecurities, abusing security agents (that are supposed to increase the security) and popular DLP bypass techniques. A wide range of pentest techniques will be discussed, but more importantly, solutions that can thwart the attack and won’t break the bank will be provided for all the blue teams out there.