When your job is to act as a malicious attacker on a daily basis for the good of helping organizations, you can’t help but wonder “What if I decided to embrace the evil within?” What if one day I woke up evil? Every day as a pentester, I compromise organizations through a variety of ways. If I were to wake up one day and decide to completely throw my ethics out the window, how profitable could I be, and could I avoid getting caught?
In this talk I will walk through a detailed methodology about how I personally would go about exploiting organizations for fun and profit, this time not under the “white hat.” Non-attribution, target acquisition, exploitation, and profitization will be the focal points. Blue teamers will get a peek into the mindset of a dedicated attacker. Red teamers will learn a few new techniques for their attack methodologies.
Beau Bullock is a Senior Security Analyst at Black Hills Information Security. Prior to joining BHIS, Beau’s primary role was implementing security controls to protect information and network assets. He has held information security positions in the financial and health industries. Beau has experience with all aspects of enterprise network security including penetration testing, vulnerability analysis, data loss prevention, wireless security, firewall management, and employee security training. In his spare time, he hosts the Hack Naked TV information security webcast and presents at conferences.
Beau holds a B.S. in Information Technology and has also obtained multiple industry certifications including OSCP, OSWP, GCIH, GCFA, GSEC, GPEN, GXPN. Beau is @dafthack on Twitter.