Put on your suit and venture back to 1999! Many penetration testers either forgot what we learned in the 90s or may be too young to even remember the game 12+ years ago. Either way, the Kung-Fu that worked so well back then is still prevalent in today’s electronic world. Sure the tools got better; our systems got faster; and hopefully, your testers evolved along the way. But the basics that served as such a solid foundation and development platform back then still provides reliable pathways to privileged access in nearly every business in today’s world. This talk will not only serve as a nostalgic flashback to those great times but also demonstrate real world attack techniques that work on practically every engagement that we conduct, show why the basics will still get a corporation owned at multiple levels, and illustrate methods of attack that many may think is a lost art or unnecessary. So, put away those 0-days, detach yourself from automated toolsets, step outside of those hypothetical testing chambers, roll up your sleeves and see what attacks from the trenches really looks like.
Eric Smith is a Senior Partner and Principal Security Consultant at Lares Consulting.