Security Tool Misconfiguration and Abuse
As any security program matures, it will use tools and techniques to automate processes to improve the security posture of the organization. This includes asset management and discovery, patch management, deploying software, and vulnerability discovery. However, if the these tools are improperly configured, they can lead to a total compromise of your network by an attacker. In this talk we will go over a few case studies of abusing these tools while on penetration tests as well as remediation methods to prevent these attacks from occurring.
Thomas Richards, Associate Principal Consultant, has been with Cigital(now Synopsys) since 2012. His primary areas of expertise include Red Teaming and Mobile Security. He is an Offensive Security Certified Professional (OSCP). Thomas spends his days guiding working with clients on red teaming activities and initiatives. In his free time, he enjoys playing guitar, camping, and spending time with his wife and five kids.