The Resourceful Pentester: Resources, Tools, and Targets for Pentesters

Pizza and Beer will be provided

Join Jim Holcomb (https://www.linkedin.com/in/jameseholcomb/), Assoc. Security Consultant at Evolve Security, for a pentesting workshop. Laptops not required, but highly recommended.

Description: With the array of skills required to be an effective pentester, it is important for both students and active pentesters to continue to practice these skills in both simulated and real-world environments. Currently, there is an abundance of resources and tools available to pentesters such as capture the flags, intentionally vulnerable virtual machines, guides, and methodologies.

Abstract: This workshop will focus on demonstrating how pentesters can utilize numerous publicly available resources in order to practice implementing the Penetration Testing Execution Standard in simulated or safe lab environments. This workshop begins by defining the PTES coupled with a demonstration on how to apply this methodology when conducting penetration tests. The second half of the workshop will consist of a hands-on segment during which attendees can apply the PTES through attacking Metasploitable3. Finally, the talk will finish with an enumeration and discussion of different resources available for practicing and learning more about pentesting such as hack.evolvesecurity.io (http://hack.evolvesecurity.io/), VulnHub, Hack.me, and Over the Wire.

System Setup: This talk will be workshop based. Therefore, it would be beneficial to attend with the following resources available:

A laptop with VirtualBox installed: https://www.virtualbox.org/wiki/Downloads

Alternatively install with a package manager (brew, choco, apt, etc)

A laptop with a Kali Linux (64 bit) VirtualBox instance installed https://www.kali.org/downloads/

Alternatively install a preconfigured ova from Offensive Security: https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/

A laptop with a Metasploitable2 or Metasploitable3 VirtualBox instance installed (highly encouraged):

https://information.rapid7.com/metasploitable-download.html

https://github.com/rapid7/metasploitable3

Note: Metasploitable3 requires Vagrant and Packer to install and must be built locally. Metasploitable2 can be downloaded and loaded as VMDK. We will review both of them but you only need one for the workshop.

https://secure.meetupstatic.com/photos/event/2/8/7/3/600_464650355.jpeg

As a Web Developer, Jim (https://www.linkedin.com/in/jameseholcomb/)focused on integrating security into the development life cycle in order to identify potential threats at the application level prior to deployment. As a member of Evolve's Security Team, he has been utilizing his extensive background in Web Technologies and programming to mitigate application vulnerabilities for clients as well as continuing to develop Evolve's internal suite of security tools.

Evolve Security (https://www.evolvesecurity.io/) is a dedicated cyber security services firm that focuses on delivering real and measurable improvements to your security posture. We work alongside your current security and/or IT staff to manage and resolve your security vulnerabilities throughout the full security lifecycle. Evolve Security's expertise is within Application Security, Penetration Testing, and Security Training through its Academy.

Evolve Security Academy is ranked the #1 cyber security bootcamp in the world by Switchup. It is a 17-week Cyber Security Bootcamp in Chicago that provides in-person and immersive training, giving students the concrete and practical skills they will actually need on the job. Students gain real work experience through the live security assessment work they perform on not-for-profit companies. With 350,000 unfilled cyber security jobs in the U.S., our primary focus is on creating top-tier cyber security talent to solve this labor shortage.

https://secure.meetupstatic.com/photos/event/7/6/7/2/600_463350322.jpeg

WeWork provides small businesses, startups, freelancers, large enterprises, and everyone in between with the workspace, community, and services they need to make a life, not just a living. With weekly events, personalized support, month-to-month flexibility, and access to over 130,000 like-minded creators around the world, WeWork is the perfect place to grow your business. Book your tour here (https://www.wework.com/l/chicago--IL)!