Adding Pentest Sauce to your Vulnerability Management Recipe presented at bsidesjackson 2017

by Andrew McNicol, Zack Meyers

Summary: Andrew is driven by his passion for helping organizations identify exploitable vulnerabilities before an adversary. He is currently the CTO at BreakPoint Labs specializing in offensive security services, mentor for SANS, and one of the founders and lead authors of Primal Security.
Zack is a business-oriented guy that then became a motivated InfoSec geek after getting started as a continuous monitoring vulnerability analyst. Shortly after, he took an interest in the offensive side of security work and currently works as an offensive Security Engineer at BreakPoint Labs. He is currently a member of the Primal Security Blog | Podcast and holds several security certifications.
Their talk, Adding Pentest Sauce to your Vulnerability Management Recipe, will discuss the question they get after performing a penetration test: "Why didn't I see some of these vulnerabilities during our vulnerability scans?" They will discuss flaws that both attackers and pentesters exploit but that do not typically show up in a Nessus, Nexpose, or [insert-vuln-scanner-name-here] scan. Most senior penetration testers and attackers will seldom leverage a vulnerability scanning tool, as it's very noisy on a network and can get you detected or removed, cause bandwidth issues, etc. They will discuss why many good pentesting techniques require manual testing and a creative attacker mindset. Lastly, they will discuss several things pentesters do regularly that could be adopted into a vulnerability management program. The purpose of their talk is to share these tips and tricks that pentesters use so others can adopt these techniques and raise the bar of any vulnerability management program dealing with .