ChRiStIaAn008 asked:

Speakers: Chris Gates, Full Scope Security Vince Marvelli, Full Scope Security “Do you have good perimeter security keeping bad guys from coming in the front door? Unfortunately for you, there are other ways of gaining access. Specifically, having your untrained users browse to places they shouldn’t, open emails they shouldn’t, and downloading and executing things they shouldn’t. This presentation will address some of those issues and and describe why and how to go about testing your environment for this very likely vulnerability. Client Sides are the new remote exploit. If you aren’t allowing client side attacks during your vulnerability assessments or penetration tests your are ignoring a huge attack vector and the current attack method. You are also failing to exercise your internal and host based exploitation countermeasures (HIDS/HIPS), you ability to test and respond to client side attacks and internal attackers and missing a valuable opportunity for user awareness training. This talk will focus on justifying why you should be allowing client side penetration testing, giving penetration testers a basic methodology to conduct client side attacks during their penetration test, and give (mostly real-world) examples we used during client side penetration tests to go with our methodology. Outline: Stats on Client Side Attacks The New Remote Exploit Why Client Side Attacks The User’s Desktop Client Side Pen Test Methodology Common Client Side Pen Test Scenarios Common

Share →

Leave a Reply

Your email address will not be published. Required fields are marked *

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop us a note so we can take care of it!

Set your Twitter account name in your settings to use the TwitterBar Section.