Attack Chaining: Advanced Maneuvers for Hack Fu


SPEAKERS:: Rob Ragan and Oscar Salazar (Stach & Liu)

Just as a good chess player thinks five moves ahead, a great penetration tester should be able to visualize their attack in order to compromise high-value targets. This presentation will explore how a penetration tester can learn to leverage attack chaining for maximum impact. A penetration test is supposed to be a simulation of a real-world attack. Real-world attackers do not use expensive automated tools or a checklist. Nor do they use a single technique or exploit to compromise a target. More commonly they combine several techniques, vulnerabilities, and exploits to create a “chained” attack that achieves a malicious goal. Chained attacks are far more complex and far more difficult to defend against. We want to explore how application vulnerabilities relate to one another and build a mind map that guides penetration testers through various attack scenarios. Prepare to be blown away on this roller coaster ride with real-world examples of massive compromises. If you are not a thrill seeker, this presentation may leave you a bit queasy.

Rob Ragan is a Senior Security Associate at Stach & Liu, a specialized security consulting firm serving the Fortune 1000 and high-tech startups. We protect our clients from the bad guys by breaking in and bending the rules before the hackers do. From critical infrastructure to credit cards, popular websites to mobile games, and flight navigation systems to frozen waffle factories, we’re there. Before joining Stach & Liu, Rob served as a Software Engineer with the Application Security Center team of Hewlett-Packard (formerly SPI Dynamics) where he developed automated web application security testing tools, performed penetration tests, and researched vulnerability assessment and identification techniques. Rob has presented his research at leading conferences such as BlackHat, DEFCON, InfoSec World, SummerCon, HackCon, OuterZ0ne, and HackerHalted. He has published several white papers and is a contributing author to Hacking Exposed: Web Applications, 3rd edition. (@sweepthatleg)
Oscar Salazar is a Security Associate at Stach & Liu where he specializes in penetration testing, source code review, network assessments, and secure development training. Prior to joining Stach & Liu, Oscar served as a Web Security Research Engineer at Hewlett‑Packard’s Application Security Center where he developed security checks for one of the leading web application security scanners, as well as researched techniques for automated scanning of Web 2.0 Applications.

GoToMeeting 411::

1. Please join my meeting.

2. Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone.

Access Code:[masked]

Audio PIN: Shown after joining the meeting

Meeting Password: OWASPATL

Meeting ID:[masked]


COST:: Free to all. Bring a friend. However, please consider joining our chapter. Only $50. No pressure, but greatly appreciated. Non-profit and good cause.