🔗 Slides for this webcast -
cham423.notion.site/Discoveri...
Friends don't let friends get exploited with old malware.
In this free one-hour Black Hills Information Security (BHIS) webcast, Corey Ham will share his knowledge and experience gained from leading the continuous penetration testing (CPT) team at BHIS.
He'll talk about what N-days are, why they matter, and then outline a process to discover and exploit N-days against a corporate target.
Defenders, learn from the attackers.
Red Teamers, learn from your peers.
Tools used will include Shodan, Nuclei, and many others.
Chat with your fellow attendees in the Black Hills Infosec Discord server here: / discord -- in the #webcast-live-chat channel.
///Chapters
00:24 - Who am I?
oo:55 - Anti-SOC concept
01:36 - Persistent security issues (passwords, awareness, vuln management)
02:34 - What is an N-Day?
03:56 - N-Day history
04:29 - Eternal Blue
05:43 - Heartbleed
06:32 - Apache Struts
06:44 - Proxy Not Shell
07:08 - Spectre/Meltdown, Black Energy
10:06 - Less than 10% of breaches are due to exploit vulns (Verizon DBIR)
11:09 - Mitigations
14:04 - Support License trap
15:42 - DEMO INTRO- Uber Bug Bounty Program
20:30 - DEMO
27:43 Shodan
42:53 Nuclei
58:50 Exploiting N-days
1:00:20 Q&A
#infosec #zerodays #exploit #cybersecurity #pentesting
31 янв 2024
