415 Hack Yourself Building A Pentesting Lab David Boyd

Video Statistics and Information

Video

Captions Word Cloud

Captions

so go ahead and get started here morning dirty Todd how is our own spawn oh yeah every generously yeah so there's fog is hack yourself building a pen testing lab on the Prophet this law honey came out of a couple different veins I had some customers asked me how did you do that can you show me but not do it to us again right I had sort of co-workers so friends are pretty go I want to do what you do but I don't know how to get started so I don't handle build lab well how do you do that there's not there's there's you know YouTube videos and all sorts of stuff but there's not just kind of a ground-level how to so this is kind of what this talks about so several years ago they were Emily ribbon on a bear or deer assault rifle and as he was writing an award he said these words maybe six hours to chop down a tree and I will spend the first four sharpening the axe I don't know if that's necessarily true my story Albert Einstein also had a great quote that's related to this talk he said anyone can know but the point is to understand so in our field especially we can know how to do stuff but the real like a real gumption of it is to understand why it is we're doing it and why does you know how things work the way they work so this is good ball scene and burning you my name is David Boyd I'm a pen tester red teamer for sexual security solutions I've worked in every field from spent some time in the Army when I got out I went to did some retail IT I worked for the government for a while it's a finance media energy sector I finally got tired of sitting in a hot cramped cubicles decided to do some consulting I am a Christian which means that I'm just a sinner saved by grace I'm a husband I'm a father of that 10 month old right there I'm a huge geek and a big gamer and you guys remember the shellshock vulnerability from you know what a while back right so that kid came up with a new vulnerability called diaper shock Norman maybe it's the shot right before yet just quick note here about hackers for charity uh you guys have seen the shirts you guys murdered a couple speakers talking about them Johnny I noticed we were doing an absolutely fantastic job okay if you haven't gone up and donated please do I mean really really they provide education there's a training center classroom that go to food for program there is all kinds of stuff going on over there please go donate I think it's like ten bucks can get a good for a month or something so you know go up and check it out there's some cool journals bracelets and stuff the agenda for today we're going to figure out the the why we're sitting abalone and how I'm going to talk about some finishing distributions that are out there talk about the various horrible beams you can find out in a while I'm going to give you just kind of a broad overview some recommended tools to get started playing with I'm gonna do a short demo and I've got a nice little rant on my Dewan so let's take a hold if you don't mind raise your hand who here looks better by reading about something opening bugs worry about it okay a couple people team and who here learns better by by the hands-on bite right okay yeah there's a lot more folks there right it is it's nothing against though you know put guys either but especially in our industry networks care team for any kind of that testing look like there's no better way read books and books are great I've got some recommendations at the end there's no better way of actually learning it than my duty on right hand drive so what is a hacking lab I'm somebody give up that to that today it's nothing more than just a place that replicates a real-world network it's just a virtual sandbox for you to play in completely cut off from the outside world but you do run your tools and do things that you mean - so why you need to build a lab well to get good we all need to get a better elbow with you the bad guys are getting better so we need to get better right a couple of reasons skill set in Bergman you try out something new so we're here at Derby con we're seeing all these cool tools come out we've seen all these gold Hawks and I really want to try that thing out that he did but I don't have a place to do it go home fire up your lab download that new tool that he just demoed try there you go brush up on tactics so if you have been in ite or network security for a while maybe you've moved up maybe your number management you know project management maybe you're not doing the you know the pen testing stuff anymore this lets you kind of go back it's like writing by school it comes back to you let's let you go back and try to brush up on some the old tactics you know so that we can kind of stick fresh I put on a proof of concept that's great for customer so if you're in a sales mode or you're just trying to finalize that contract or something that's all we need something we need to know you know what it is you do this is great this is a you know we demo this all time for customers we'll throw up the webex we'll throw our lab and we'll say hey you know this is just a very simple penetration testing attack that can happen on your network you know in theory and my times at the time that seals the deal if any customers ever had any questions or they didn't know what a pentose plus that's done right and then coding scripting demonstrations for clumps like Derby con so these guys that you see stuff up here and far smarter than me and none of these tools they're doing it in hacking lab so a little bit of sizes over here some see shows when there's a pen test going on or you tell them hey we need to have a pen test you know this is the AG the yeah it's fine everything's on fire the barns on fire I'm on fire boots on get right right some CISOs wish they had this the mum you mentioned anything security-related or there's a blip on the network they wish they had tax shut down everything kill switch kill it all right a hag lab can help I've noticed puts E's some of the questions that some of the upper-level management has about what does it security test entail and above all else don't be a script kidding thank you go to that man so here's the film lab well anybody really Red Team Blue Team guys any kind of IG personnel if you're not intend testing you're not in security if you're just a network guy or sysadmin you know don't build a lab go build lab at home ask your upper management so you can build a lab in your environment or recreate your environment so that you can troubleshoot some the problems that you're having I put on their c-level executive so let's see what PT looks like this is really easy to do if you are some kind of sealable guy and you're in charge of the technical team you need to know what that technical team does really truly I'm not I'm not being harsh here but you need to know what they do you need to have a general understanding of what they do and you need to be able to try to do a little bit of yourself it's going to make you a more effective leader and it's going to make it more effective for your customers and it's going to go up my respect routine so just just about that students any kind of students you know if you're in some kind of a college course or something on fire blood and then anyone want to learn a new skill essentially so while this talk is more focused on the red team's side of the house a DEA six six seven on Twitter actually did release a huge like 135 page PDF on setting up a hack lab for blue team and it's extremely in-depth you talked about IDs IDs you know all sort of stuff some firewalls and things so if you want to get into that follow him on Twitter find this this is Brian joy right now he's kind of working on that will them you know Mike looks you guys so what you need to build a head lab well you need about you know five thousand servers on hands on cloud right back in the day you needed a second service like that and actually this could have been my bedroom a few years ago a stack of servers ponderous things like that it was it was kind of hard to really build out a decent lab back then because we didn't have as well virtualization techniques now with the advent of VMware and VMware fusion and VirtualBox and things like that you can literally build a lab on your laptop and why I thought that works giving you or on off the shelf laptop from like Best Buy or something obviously the more power you throw at it but it'll be type of that here in a second but really all you need is a laptop he needs some kind of virtualization software like sit VMware game box something like that you need a couple of vulnerable discs droves to practice on and then your laptop spits money at you boffo combined so just some kind of gentles you know broad specifications um for a decent lab like on your laptop you just need like a high five you know quad core you can get by with nine three but you're going to get a little bit of choke there so you know try to get at least an i5 16 gigs of ram each VM that you fire up some of the ones that aren't as graphics heavy like most little things you can get away with just putting you know half the you know happy gave or whatever in there but some of the other ones like Server 2012 you want to put at least two to four gigs so you know that 16 gig is you kind of a nice little tone to play with so you don't get choked up too much and then obviously you've any hard drive space to carry all these vm's because they are still kind of big so you need at least 250 you know the more hard drive space you have the more games you can make you know the more space now so to build your Mac lab step one you just need a file archive right all of the VMS out there that I know of anyways are zipped up in some zipped format right so you need something like you know for Windows you have WinRAR or 7-zip I think wins it might still be out there you'll need a file are there free go online download you know whichever one you want I like winner are but you get that hey pay us at the 30 days thing 7 tip is also good for Mac users you have Kega or the unarmed hacker I think he goes like 99 cents but it's great you can sip and I'm zip and choose the you know format that you want to dip it in once you download install that you know on a step to step to install your wizard step to go out and get some virtualization software so for PC users there's a couple of free options you have VMware Player kind of stand-alone out of the box works well you'll set VirtualBox again free standalone or out of box works well pretty easy to install you also have some paid versions unfortunately for Mac users we only get a three day free trial of VMware fusion which is the Mac version of vampire and for PC users there's workstation player the only difference between the paid and the free really is the ability to take snapshots so if you're building these VMs and you're getting them all fired up and you're getting all working the you can take a snapshot of it once you get it working and then if you crash it you hose that you found this cool exploit you accidentally knock everything off line and you just can't recover it or you forget your password you can revert back to that snapshot come back to life right so you've got your on our driver you've got your virtualization software step three you need a pen testing history there's several of them out there you do what you want you know pick what you like I like Kali Linux but there's also pen - there's back box for web app testing there's samurai WTF for utility hacking there's Samurai STFU I think it's going to be reverted to the control things platform but I'm not sure what's going on with that and then join just forensics work and can you depth links for forensics by the day you had like whoopings and I wax and then moved on and you had backtrack for a while and the new thing that was Cali so black Hertz is another opportunity I have a person a little bit yeah that's another option right and there's a path on a dish goes or if you really want to go out and build your own downloaded it you know UNIX flavor of your choice and personal tools line if that's you know that's your thing that's a challenge that you want to temp go for it um a lot of us a lot of folks and I know roller on distros I don't mind using the three loud bang as a totally unrelated side note you guys know there's a lot of really bad crap going on the world right now yeah I mean it's you know I'm tired of seeing it on the news if we can all find a way to be as happy as the kids in that picture I think the world would be a much better place and if that takes dumping Legos on the world I'm on board it would take a lot of labels but you know yeah again I'm related you guys chose to be here and I sincerely appreciate that if you don't mind this is totally off I just slotted it's okay if you don't mind and you turn the person next to you shake their hand up their neck whatever they're comfortable and say I appreciate you and I appreciate you gonna wait pewter sets of hand guys that's a dirty cop y'all that warms my heart now that really does that really does thank you guys seriously thank you okay huh it shipped up a little bit all right so this was a question that I had as I was developing it since it okay so I've got my eye on archiver I've got my virtualization software I'm not too comfortable you know Roy my ISO we're trying to download nicely the kind of folks over at offensive security have pre-compile Linux distros that you can roll right out of the box right I said well where are they how to win stolen so in a quick little video he's gonna be Holly go to work the go to your downloads page click download Kali Linux right you've got Isis there if you want to try to roll your own excel you can also torn them well if that's your reflective thing you got Wheatley builds and they've also got pre-built Kali Linux VM ware and VirtualBox footages so you just click that link down bottom there and it will take you to the offensive security side these are you know owned and operated maintained by offensive security but the totally free and then literally you can choose VMware or VirtualBox images easy to download just click them and start the download they're ready to go right out of the box no crazy setup for anything needed at the most you might want to change the password home use default passwords if you run your VM you can I've noticed there's a lot of choke with that and some of the older me items USB 3.0 there's not a lot of love there so you can if you can get it to work right you know I burned them up just mine you know own hard drive that's just on the laptop I just have a folder where I store them all and it's good absolutely excellent yes oh definitely slides online and uh going to be possibly writing up a blog that's a little more in-depth on how to do it so be on the lookout for that we generate SSH keys yes you might wonder generate your SSH keys because especially the pre-built from offensive security comes with some free generate assess HD once you contracted it installed it there'll be a vmx file in the bowl of the to extract double-click that DMX file it'll pull up your VM player you virtual you know player of some sorts and in VMware and ask you you know did you copies your commitment so you just say I copied it after a few seconds you've got a login screen and all attacked because it's really easy right so you got your own archive and you've got your virtualization software now you got your pen testing different I need something to attack right there are several probably hundreds of vulnerable VMs that are out there right there's been a suitable there's morning catch to learn fishing there's the Olas broken web apps for web applications there's also web code there's a website called Home Hub comm that hosts a lot of different you know but challenge games and things like that it has like got tricks and pun OS and different things like that it's more geared towards a beginner I like Metasploit well because it's a it's intentionally vulnerable version of Ubuntu Linux it has remote logins backdoors Tahoma web services got facility built in default passwords it's got all kinds of stuff so you can literally just run whatever you want to go crazy good with a lot of these vulnerable VMs right I actually had a question on the hall well I kind of wanna begin but they don't want to do with it there are guides out there written by some of the developers right rabbit seven without a great guide from it exploitable written by HT more in Egypt believe and it gives you a cool little step-by-step you know here's some cool things you can do right it's kind of chichi but if you feel like you need to follow on with the guys that's okay everybody has to start somewhere so go ahead and grab the guy the morning catch has a great startup guide as well if you want to learn fishing download your fishing server toys download morning catch and she shows guys it's an actual real working fishing environment there's also a white paper in help on utility if you're wanting to practice web app hacking if when you get better at you know sequel injection cross-site scripting stuff like that there's a whole bunch of different write-ups and Sam's also get a write-up on on using the tilde some other unintentional but V atoms that are out there uh when is XP Windows XP is still floating around out there it's still floating around the customer sites I can I've lost count this year of the number of sites I've been to that still had active Windows XP machines right don't have Windows XP and their machines guys seriously don't but while it's still out there go ahead and practice on it because it's really easy it's easy to break it's fun okay it's out there when it's Server 2012 I want to challenge you to build up your own domain and you know that takes a few minutes it's a little bit challenging but there's write-ups on how to do that you can also get exchange or whatever seven Microsoft has made several of these available for free on a trial basis so you can download it from a service like TechNet the developer edge you can download these evaluations and they even tell you hey go ahead and take a snapshot of this so that you can refer back to it because it's an evaluation so you know they're they're all fourth oh yeah I use a product for free and and go crazy like I said Tecna has tech that has the server valuations the developer studio has bunch of virtual machines for like ie 8 and 99 and things like that see you guys in Windows 7 district that way there's the websites for the VMS if you want to go you know what form and then totally unrelated but as I was doing this talk I found this - this exists and why are there four million people watching it so as you're setting up all these huh what does it say it says the Windows XP startup sound slowed down to 24 hours and it has a as a website ahead over 4 million views yes y7 oh and I actually listened to some of it it was slow down to 20 bar oh yeah they just slowed it down low pitch slow pitch just more that's great as a side note as you're downloading and installing all these beans as you're getting them set up do not expose them to the internet do not expose mobile games there and if you expose one what games the Internet you're gonna have a bad time if you go out there and get an unpatched Windows XP machine and you throw it on your network and you just go crazy and forget to make it hosts only you're gonna have a bad time so now you've got an environment you've got a place to play you've got so much room for activities man now I can start hacking right well okay of what tools they use well there's thousand tools built in the cow and a thousand scripts of a release to places like Derby continent DEFCON and east sides and things like that so this is just kind of a general recommendation some tools start with gotten map any good penetration test starts with reconnaissance so you want to do some reconnaissance with like n map form a scam right look for open ports verticals the kind of folks are temple but you have a version of necess called misses home that is free from two twenties I believe so you can run a full horn ability stand against your test network and start looking at vulnerability scan results right I put on their cane just a few weeks ago I had a customer gave a report they saw an app of a whole bunch of clear timeframes elusive how did you get that so now my rant old volcano and he literally stood up should be saying what cane is that stuff it still works yeah your money it's it's it is very little it still works great it works great in all environments that I've tested you still get credentials and that's because you're still like to click they're very click happy so go practice with pain go do some are poisoning text please do not get more poisonous slice 24 you're going to take off some network path somewhere responders also Graham sure you guys have heard that spoken of a few times let's you're a man a metal tool since the road wpad top that file so you can practice doing some animal attacks with that go get those yummy hashes from the users once you get all those hashes need something to crack them with so I recommend practicing with something like jaw or hash cat copy the hashes to a text file run John crack up see what you get uh there's a couple versions of Metasploit up there there's a community edition which is free in the paid attention which is paid but it's built in account alright it's built into several these pen testing disproves and the free version works for me it's got plenty of exploits got plenty stuff to practice on for social engineering you've got set the library on date cutting go fish SPF fish meters there's a thousand different fishing and social engineering tools out there they're all you know most of them referring they said coefficient is a bit roll free so fire a bed fishing box start practicing some fishing tax figure out the best email layout that you that you like that you know works it looks good and I can really pull the users start kind of fine-tuning that I've seen a lot of phishing attacks failed because either the email didn't look authentic or it looked too real or you know just something something was off right you want to you want to make the user as comfortable as they can as they're doing about their day-to-day business and they just see this email it says its address from HR and they go oh yeah I'll do that phone play and then you're in for open source intelligence gathering again thousands of other tools out there I really like discover scripts what written by the lead part bear I believe the same is it is absolutely fantastic it will just pull every bit of open source data you can from a website spits it on a nice HTML file lets you read it's great reconnaissance it's also great information for the customer if they've got a couple domains out there and then there's somebody setting up a you know possible pyncheon tag and they're squatting on a domain that looks like that this will pull it and you can look at it and say hey you know google.com with two M's has been you know squatting for a while is that you guys or do you want to go investigate that another great tool for PowerShell scripting is PowerShell empire forming powershell scripts and things like that do talk about it this weekend I mean it is blows me away the stuff you look at this and then pragmatic sack that is a post exploitation framework it's really easy to use it release it a set up and install and you can run PowerShell scripts with it as well as the deep reconnaissance and all sorts of stuff it's kind of a good all in one utility belt toolkit I really like it and there are probably better ways of doing things there's thousand new tools out there these are just an example of a handful some that I like that I use that I read completely as an optional as you're building out your lab try to build a domain so go out get a version of Server 2012 build it a main controller out add a bunch of users to it make it as realistic environment as you can little bit of a challenge but you know it's nothing we can't handle right Peter Kim did it quick right up on his website microphone book calm and he's got a you know a nice little write-up about how to build up your own Medusa vein so you figured out how to go out and get it install it here's how to build it up get it all figured out once you get it all installed once you said everything's not host-only you want to make sure that it all works right to go through and well as home um what I'm doing here is I'm just checking on all my VM are set to host all mine so that they are completely segregated from the internet everything is offline it's all hosed and housed within my own system here I'm going to go on your attacker platform and you just want to ping all your systems make sure they're up and they're working and you know make sure you can talk to them so that's just a pain through make sure they work make sure they all talk yeah you don't want to throw in a timeout and then Amanda you know Liam's not on our VMs I'm working where it's not talking so well let me see there no worse cool if it all works congratulations you have it working my self-contained working hard life right so all will go as well I'm going to show you guys my hacking lab right we'll see how this works so this is my hacking lab this is Wayne Enterprises I've got Callie one Xbox one up that's my type of machine I've got the go fish morning catch fishing server I've got a Windows XP box I've got I've gotten best local to I've built out of the main controller with Windows Server 2012 I've got another type of platform several tools are only available on Windows they aren't available on a disco so it's good to have you know a little bit outside the box out there so I'm going to run you guys through just a really quick penetration test this is something that I've done at the customer site and it went almost exactly like this right we login yes I'm using me fulcrum tools so you log in and get your IDs here of your typing machines you go okay all right well let me see what's open on my Windows 16 box for instance right so you should run a quick eye match you can see that's going to 0 K up cool this is pretty quick mmm scan Windows XP box and see what's up long pretend like we don't know it's when it's actually lives by the way this is we're having a little more memory on your host machine allows you to run these things a little bit better so we'll remember you have what's normal you're going to get the list it's going to be choked up and it's great so oh man you know I found in I'm looking okay well we've got to tell Matt open and you know looks like a 3 3 denied RDP there so you know might be a Windows box bushes let's just double check here make sure it is some windows XP box how about that right when is XP professional service pack 2 or possibly what a server 2003 so we know that what is XP unpatched was a highly vulnerable to MSOE dosuk 7 right so this is where we can load up a mess point she just loaded up with MSF console window click second the run so we've done a reconnaissance as is this is loading so first up we've done our reconnaissance we found a Volvo machine companies XP on it hmm check it out just played seven or something I love it I love this guy so we're gonna go ahead and just do a search for MS and Oh ate their promises gets more exciting alright so you just use that exploit right there so you just hit use copy paste now you've loaded up so you've loaded up that exploit you're going to prepare for attack so we know that our host was this one ninety one six eight one seven one three six and we know what's up so let's go ahead and just try here so we're going to show options says all we need in our hosts we're going to set our hose literally we're set I'm going to say explain so this was a real thing so quick story loses window quick story balls while blowing us up the was that a customer site just you know a little while ago and the customer said oh man yeah we're good you know we don't have any vulnerabilities know how many things I got the right I got the they had several domains in a first time a in a few hours ii mean few hours third event was taking I was killing me I couldn't figure out what's going on so I did some more reconnaissance couldn't find anything I was like we would get this I did some reconnaissance on some IDs that I knew were in that range before necessarily mentioned five I found this box that's floating around out there they set his own EBR box that they totally forgot about right so I think I am but okay well let me just kind of exploit that to autonomy so I ran a semi so 806 of them found out that the domain administrator had logged into it recently right and for whatever reason they're using sugar credentials so I got those credentials and pass along with Craig mappings egg dump the domain controller all their passwords it's great uh minutes alright so run your tag let's assume that we got some hatches let me need to load up some of my crack map you know gives you holistic commands here once you've got some patches you can pass it with crack map fired off check the domain controller - man right so this is standard attack if you wanted to do something like a fishing server you can load up something like go fish right it's free it's easy to download once you download and install it here's your fishing server right it set it up add your users make a campaign all this within your VM right we point it at your morning catch fishing server with boy genious you're going there let's start fishing those guys and you can look and see if it's actually working are they getting them click them and see what happens it's great right and then if you want to even attack your exploitable box so we're going to see what's open on that again good reconnaissance right let me see it's got a whole bunch of stuff open it's got tell mine SSA just to be show or version it's got all sorts of stuff right we go okay well what can I do with all that so as I said the kind folks wrote up a good little how to find it either on their website about exploiting exploitable so it's got you know here's how to log in right there's couple services are fun running on it which command to run find all those some UNIX basics so you can like our login with them get a root right and it's all written up to kind of follow step by step so you can practice with that this walls morning Fitch guys they got a good little setup for messing with morning fish there so yeah several bad puns later you know okay yeah so you catch a lab you figured it out get everything worked in you're practicing if you want to do some additional training there's a bunch of free tools out there as well again the guys over defensive security did a kind of a course online that's free call them and split Unleashed that will get you through everything you want to know about running Metasploit how to do it some cool secrets back ends and bangs and they didn't kind of give you a little bit of help in building your own line hack the site it's still relevant it's kind of an older site but it's good for training it's good for web app it's good for you know just general hacking stuff there's also plenty of YouTube videos all of the Derby con Def Con b-sides is a all these organizations have their videos out there right go out and find them go out and see that talk build out that's all of that guy just released in your labs right now there's also the sand cyber aces the info seconds to their cyber area there's a whole bunch of other you know various training and things that you can find online let's go forth and conquer so quick story for you guys right back in 1995 movie hackers was released right great living I love it still to this day I saw that as a young tyke and I wanted to be those guys man I went to be zero cool I wanted to be lured by Tom's like man what do I need to do how do I get there right and now here I am speaking to every Tom so that's that's pretty cool um you can't get where you want to go if you don't have the drive and motivation to get there right you got to put in some work you've got to have the drive you have the motivation you also need to find a mental work okay a lot of this stuff you can learn on your own but mentoring is so ridiculously important wasn't they already a couple things several things but a health place is stuck out where you train like you fight and you know the person on the job above you in person the job below you so if you're a sysadmin and there's the sock team learn those jobs if your network guy and there's a sis Evan learn his job figure it out build it out in the lab right you're only going to get better by improving your skillset learning and dropping and part of that is through mentoring right if you have an advanced skill set so you're really really good a web app testing and you see some guys that are go help them out offer to hey man let me show you some cool things about web app testing if you're a new guy or gal if you're new person to security go out and find somebody that's really really good at something that you were to learn reach out say hey I wanted to do what you do can you show me I've been paying my lunch whatever it takes right we can't get better by ourselves as well as we can getting better with each other right that's why we come to places like their house 1 counting things like that kawaii we come to always talks because we want to get better the bad guys are out there and they're getting better I promise you that they're trying to kill your customers networks they're trying to steal sensitive data they're trying to destroy whatever they can right and they're getting better and they're training all the time in order for us to better protect our customers in order for us to better serve ourselves in order for us to better serve our customers and our companies we have to get better we have to help each other get better right so find a mentor or be a mentor don't keep your skillsets to yourself too often and too many companies I've gone to places where man we can't do a B and C because Jeff that was there for 30 years never taught us right and we don't know how it works that's unacceptable that is that is beyond unacceptable if you're getting ready to go out throw your skill set down sit down with somebody for a few weeks let me teach you everything I do let me make you the subject-matter expert right if you're coming in go find that guy that's been there for 30 years ago you get you by itself go find and talk to him say hey man I want to know everything you do teach me you make me you right just go out fundamental recommended reading again like I said there are some great books out there I have a massive library and this is just a small sampling the hatch playbook and head flavo - absolutely invaluable I love those books it's in a little bit of lab building but he also gets in a lot of tool development how to hack you know it's it's fantastic Georgia Wyman wrote a book about penetration testing kind of a beginner's manual as it were that's also a great book Dave Kennedy wrote Metasploit you know kind of immense boy Bible so I think this large breast gas company you don't get that there's also hacking there of exploitation Sanders puts out a whole bunch of books blowing this professional penetration testing that goes more in-depth of building the lab a little bit differently but also still works if you're looking at doing some more social engineering gigs more social engineering gauges Kevin bending it's kind of the Godfather of all that he wrote a bunch of books art of intrusion deception and gifts on the wires those are great as reference material to kind of go back and go okay well that's a different way to think about things if I'm trying to pretext a customer if I'm trying to you know work my way into the customer side you know if I want to be the you know that guy we read some books we read about what other guys have done I'm going to be in the next adjacent Street revalidation Street is done watch them - hiss talk right I mean if you want to get into coding and development you'll get blackhat Python I can't say enough good things about this book it's fantastic yes these are available at the hydrophone correct yes most of these are no starch press blurbs some of them are not some other publishers I think like the other infusion stuff and then there syngress you know I don't know if they're partners they're like competing or whatever but you know singers make some great books - yeah I like books I like everybody that's all good so with that ladies and gentlemen oh man thank you for coming I appreciate you guys coming I am that fire dog on Twitter and there's my email address appreciate it you guys have a risk wonderful Russia terrific on

Info

Channel: Adrian Crenshaw

Views: 47,844

Rating: 4.9197168 out of 5

Keywords: hacking, security, infosec, irongeek, louisville, derbycon

Id: b8_sOoQtALs

Channel Id: undefined

Length: 43min 43sec (2623 seconds)

Published: Sun Sep 25 2016

Reddit Comments