2. Obligatory Who Am I…
@ZephrFish on all of the Internet.
Work as a Security Consultant
@PenTestPartners
Kicker/Breaker/Hacker/FilmGoer in my Nights
Wrote a Book about Learning Things
Black Belt in Karate,
so not only a Keyboard Warrior
3. The Plan for Today
Understanding pentesting
Some Tips & Some Tricks
Lessons Learned
The different trades a tester may
have
How to be more Business-ey
As a pentester/hacker…
5. But really, what is it?
Expectation: Popping shells all day long, hacking all the things
Reality -
A massive human aspect -
lots of breaking, fixing and helping
6. Tricks of the Trade...
The Good the Bad & the Down right Ugly… tips!
The Do’s
● RTFM
● Don’t Be Afraid to Google Like a MF Ninja
● Actually Use the App before you Abuse it...
● Always try http & https on random ports, you’d be surprised
9. Winging it...
Most folks are winging it, if they tell you they’re not they’re lying or just old…
Not Winging in the Sense “I have no idea what I’m doing” but more that every day
is a new learning opportunity.
It works 50% of the time 100% of the time
10. A tester can have many Hats
Not the Good Guy/Bad Guy Scenario
More the range of trades and teams one tester will liaise with.
11. Being a better Business Hacker
RCE, XSS, CSRF,SSRF, BEAST,
POODLE, ROBOT, SSL
BUZZ WORD BINGO
13. How to Find Me.
https://twitter.com/ZephrFish
https://blog.zsec.uk
https://leanpub.com/ltr101-breaking-into-infosec
https://www.pentestpartners.com