Advanced Penetration Testing In The Real World (closed) presented at deepsec 2017

by Davy Douhine, Guillaume Lopes,

Summary : A 2 days 100% “hands-on” workshop.
Main topics:
Buffer overflow 101: Find and exploit buffer overflows yourself and bypass OS protections (because a lot of pentesters don’t even know how it works under the hood);
Web exploitation: Manually find and exploit web app vulnerabilities using Burpsuite (Yes, running WebInspect, AppScan, Acunetix or Netsparker is fine but you can do a lot more by hand);
Network exploitation: Manually exploit network related vulnerabilities using Scapy, ethercap and Responder (Because it works so often when doing internal pentests);
Passwords: Optimize the way you attack offline and online passwords (0day is fun but the way guys come in most of the time is simply by using login/passwords);
iOS/Android app hacking: Find and exploit mobile app vulnerabilities using Needle, Frida, Cycript and Hopper (Companies move their apps in the cloud and in the mobile world so pentesters have to evolve … or die) ;
Founder of RandoriSec, a security focused IT firm, Davy Douhine is working in the ITSec field since almost fifteen years. He has mainly worked for financial, banks and defense key accounts doing pentests and trainings to help them to improve their security.