The accreditors of this session require that you periodically check in to verify that you are still attentive.
Please click the button below to indicate that you are.
Examined is a collection of open source tools that are used in an authorized red team engagement of a cloud-native Kubernetes cluster environment to discover application security defects. Our collection of dark web and GitHub proof-of-concept (PoC) tools provide a red team with an advanced adversarial advantage over traditional commercial tooling across all stages of an engagement. We report the results in relation to our understanding of the cloud shared responsibility model as it applies to IaaS, PaaS, and SaaS. Several flaw discovery and exploit tools with be demonstrated to show their utility. We explore how CVEs are weaponized on the internet and how having red team a-priori knowledge of them can help organizations create defense-in-depth mitigating controls.
Learning Objectives:
Plan a penetration test using open source tools.
Recall specific dark web toolkits for red teaming.
Demonstrate an understanding of GitHub proof-of-concept (PoC) exploits and their applicability to red teaming engagements.
Speaker(s):
Mr. Richard
Tychansky,
CISSP-ISSEP, CCSP, CGRC, CSSLP,
Security Architect,
Independent
David Zarsky
11/10/21 10:16 pm
Good to hear the comments about zero-days being less common and the thoughts about more info out on Github.