SlideShare une entreprise Scribd logo

Bsides Leeds - hacker of all master of none.pptx (1)

Andrew Gill
Andrew Gill

Andy Gill's Slides from BSides Leeds

Technologie
1  sur  14
Télécharger pour lire hors ligne
Hacker of All Trades Master of None Andy Gill
Obligatory Who Am I… @ZephrFish on all of the Internet. Work as a Security Consultant @PenTestPartners Kicker/Breaker/Hacker/FilmGoer in my Nights Wrote a Book about Learning Things Black Belt in Karate, so not only a Keyboard Warrior
The Plan for Today Understanding pentesting Some Tips & Some Tricks Lessons Learned The different trades a tester may have How to be more Business-ey As a pentester/hacker…
PENETRATION... Testing Take a min, have a giggle, you know you want to!
But really, what is it? Expectation: Popping shells all day long, hacking all the things Reality - A massive human aspect - lots of breaking, fixing and helping
Tricks of the Trade... The Good the Bad & the Down right Ugly… tips! The Do’s ● RTFM ● Don’t Be Afraid to Google Like a MF Ninja ● Actually Use the App before you Abuse it... ● Always try http & https on random ports, you’d be surprised
Tips (Cont) Don’t Do These Things Bad Things can happen...
Lessons Learned… Going ON-SITE 101
Winging it... Most folks are winging it, if they tell you they’re not they’re lying or just old… Not Winging in the Sense “I have no idea what I’m doing” but more that every day is a new learning opportunity. It works 50% of the time 100% of the time
A tester can have many Hats Not the Good Guy/Bad Guy Scenario More the range of trades and teams one tester will liaise with.
Being a better Business Hacker RCE, XSS, CSRF,SSRF, BEAST, POODLE, ROBOT, SSL BUZZ WORD BINGO
Learning to be a People Person
How to Find Me. https://twitter.com/ZephrFish https://blog.zsec.uk https://leanpub.com/ltr101-breaking-into-infosec https://www.pentestpartners.com
Any Question?

Recommandé

Pre production task 4
Pre production task 4Pre production task 4
Pre production task 4JoshuaMeredith2
 
A roadmap for a proficient trader
A roadmap for a proficient traderA roadmap for a proficient trader
A roadmap for a proficient tradernarcissistrader Pit
 
Trading Strategies
Trading StrategiesTrading Strategies
Trading StrategiesInvestingTips
 
Hacking - Breaking Into It
Hacking - Breaking Into ItHacking - Breaking Into It
Hacking - Breaking Into ItCTruncer
 
Indie Series 03: Becoming an Indie
Indie Series 03: Becoming an IndieIndie Series 03: Becoming an Indie
Indie Series 03: Becoming an IndieMohammad Shaker
 
How to go from "meh" to "omg"
How to go from "meh" to "omg"How to go from "meh" to "omg"
How to go from "meh" to "omg"Ghonche Tavoosi
 
8 Outsourcing Tips For Beginners
8 Outsourcing Tips For Beginners8 Outsourcing Tips For Beginners
8 Outsourcing Tips For Beginnerspickupcash
 
Social Empire Growth Hacking And Life Hacking with Mark Middo - Socialempire
Social Empire Growth Hacking And Life Hacking with Mark Middo - SocialempireSocial Empire Growth Hacking And Life Hacking with Mark Middo - Socialempire
Social Empire Growth Hacking And Life Hacking with Mark Middo - SocialempireSocial Empire Group
 

Recommandé

Pre production task 4
Pre production task 4Pre production task 4
Pre production task 4JoshuaMeredith2
 
A roadmap for a proficient trader
A roadmap for a proficient traderA roadmap for a proficient trader
A roadmap for a proficient tradernarcissistrader Pit
 
Trading Strategies
Trading StrategiesTrading Strategies
Trading StrategiesInvestingTips
 
Hacking - Breaking Into It
Hacking - Breaking Into ItHacking - Breaking Into It
Hacking - Breaking Into ItCTruncer
 
Indie Series 03: Becoming an Indie
Indie Series 03: Becoming an IndieIndie Series 03: Becoming an Indie
Indie Series 03: Becoming an IndieMohammad Shaker
 
How to go from "meh" to "omg"
How to go from "meh" to "omg"How to go from "meh" to "omg"
How to go from "meh" to "omg"Ghonche Tavoosi
 
8 Outsourcing Tips For Beginners
8 Outsourcing Tips For Beginners8 Outsourcing Tips For Beginners
8 Outsourcing Tips For Beginnerspickupcash
 
Social Empire Growth Hacking And Life Hacking with Mark Middo - Socialempire
Social Empire Growth Hacking And Life Hacking with Mark Middo - SocialempireSocial Empire Growth Hacking And Life Hacking with Mark Middo - Socialempire
Social Empire Growth Hacking And Life Hacking with Mark Middo - SocialempireSocial Empire Group
 
Psychology and the Perfect Design by @mrjoe
Psychology and the Perfect Design by @mrjoePsychology and the Perfect Design by @mrjoe
Psychology and the Perfect Design by @mrjoecxpartners
 
Work Smarter, Sell More
Work Smarter, Sell MoreWork Smarter, Sell More
Work Smarter, Sell MoreSales Hacker
 
Trading tips
Trading tipsTrading tips
Trading tipsBadr sayiar
 
Blend it up - leancamp london presentation
Blend it up - leancamp london presentationBlend it up - leancamp london presentation
Blend it up - leancamp london presentationAntonio Terreno
 
Resources for Lawyers to Help Create Space
Resources for Lawyers to Help Create SpaceResources for Lawyers to Help Create Space
Resources for Lawyers to Help Create SpaceJack Pringle
 
The pragmatic programmer
The pragmatic programmerThe pragmatic programmer
The pragmatic programmerNilesh Sharma
 
How to build a Start Up (in ten easy steps)
How to build a Start Up (in ten easy steps)How to build a Start Up (in ten easy steps)
How to build a Start Up (in ten easy steps)flaregames GmbH
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 

Contenu connexe

Similaire à Bsides Leeds - hacker of all master of none.pptx (1)

Psychology and the Perfect Design by @mrjoe
Psychology and the Perfect Design by @mrjoePsychology and the Perfect Design by @mrjoe
Psychology and the Perfect Design by @mrjoecxpartners
 
Work Smarter, Sell More
Work Smarter, Sell MoreWork Smarter, Sell More
Work Smarter, Sell MoreSales Hacker
 
Blend it up - leancamp london presentation
Blend it up - leancamp london presentationBlend it up - leancamp london presentation
Blend it up - leancamp london presentationAntonio Terreno
 
Resources for Lawyers to Help Create Space
Resources for Lawyers to Help Create SpaceResources for Lawyers to Help Create Space
Resources for Lawyers to Help Create SpaceJack Pringle
 
The pragmatic programmer
The pragmatic programmerThe pragmatic programmer
The pragmatic programmerNilesh Sharma
 
How to build a Start Up (in ten easy steps)
How to build a Start Up (in ten easy steps)How to build a Start Up (in ten easy steps)
How to build a Start Up (in ten easy steps)flaregames GmbH
 

Similaire à Bsides Leeds - hacker of all master of none.pptx (1) (7)

Psychology and the Perfect Design by @mrjoe
Psychology and the Perfect Design by @mrjoePsychology and the Perfect Design by @mrjoe
Psychology and the Perfect Design by @mrjoe
 
Work Smarter, Sell More
Work Smarter, Sell MoreWork Smarter, Sell More
Work Smarter, Sell More
 
Trading tips
Trading tipsTrading tips
Trading tips
 
Blend it up - leancamp london presentation
Blend it up - leancamp london presentationBlend it up - leancamp london presentation
Blend it up - leancamp london presentation
 
Resources for Lawyers to Help Create Space
Resources for Lawyers to Help Create SpaceResources for Lawyers to Help Create Space
Resources for Lawyers to Help Create Space
 
The pragmatic programmer
The pragmatic programmerThe pragmatic programmer
The pragmatic programmer
 
How to build a Start Up (in ten easy steps)
How to build a Start Up (in ten easy steps)How to build a Start Up (in ten easy steps)
How to build a Start Up (in ten easy steps)
 

Dernier

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Dernier (20)

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

Bsides Leeds - hacker of all master of none.pptx (1)

  • 1. Hacker of All Trades Master of None Andy Gill
  • 2. Obligatory Who Am I… @ZephrFish on all of the Internet. Work as a Security Consultant @PenTestPartners Kicker/Breaker/Hacker/FilmGoer in my Nights Wrote a Book about Learning Things Black Belt in Karate, so not only a Keyboard Warrior
  • 3. The Plan for Today Understanding pentesting Some Tips & Some Tricks Lessons Learned The different trades a tester may have How to be more Business-ey As a pentester/hacker…
  • 4. PENETRATION... Testing Take a min, have a giggle, you know you want to!
  • 5. But really, what is it? Expectation: Popping shells all day long, hacking all the things Reality - A massive human aspect - lots of breaking, fixing and helping
  • 6. Tricks of the Trade... The Good the Bad & the Down right Ugly… tips! The Do’s ● RTFM ● Don’t Be Afraid to Google Like a MF Ninja ● Actually Use the App before you Abuse it... ● Always try http & https on random ports, you’d be surprised
  • 7. Tips (Cont) Don’t Do These Things Bad Things can happen...
  • 9. Winging it... Most folks are winging it, if they tell you they’re not they’re lying or just old… Not Winging in the Sense “I have no idea what I’m doing” but more that every day is a new learning opportunity. It works 50% of the time 100% of the time
  • 10. A tester can have many Hats Not the Good Guy/Bad Guy Scenario More the range of trades and teams one tester will liaise with.
  • 11. Being a better Business Hacker RCE, XSS, CSRF,SSRF, BEAST, POODLE, ROBOT, SSL BUZZ WORD BINGO
  • 12. Learning to be a People Person
  • 13. How to Find Me. https://twitter.com/ZephrFish https://blog.zsec.uk https://leanpub.com/ltr101-breaking-into-infosec https://www.pentestpartners.com