Wednesday, August 28, 2013

"Pentest is dead, so we are here to revive it"

We have arrived in an era where vulnerability assessment and
exploitation tools can be done with just a simple few clicks.
The ease provided  by modern commercial vulnerability assessment tools
especially regarding the reports generated by these tools give the
illusion that penetration testing is a simple task that can be
done/managed automatically ignoring the needs to increase the IT
security personnel competency.

However the ease of these tools is like an opium to the masses of IT
security practitioner. Relying solely on the results provided by these
tools somehow give the sense of false security towards the
organization that they are safe. The output of the tools only shows a
certain perspective of the whole security in the system. You might
have a good firewalls rules but have you ever considered an attack
could occurred by redirecting our attack by manipulating the
white-list rules? Worst, what's the point of patching your Oracle
Database to the latest update when the tnsname is predictable and the
7-Devil Oracle Default User are created  when a new DB is initialized?

In the Blackbelt Penetration Testing Training , we are here to quench
the thirst of the hollow exist in most IT Security Enthusiast. We are
trying to unlock the potential of any IT Security Enthusiast not to be
limited by the view provided by most security tools now-days. The
class is designed to unlock the creativity on technique to compromise
servers or find vulnerabilities that are not detected by tools. We
also give an in-depth view on common/uncommon  weakness found in the
World of Windows and Unix/Linux.  Do you trust your antivirus or
firewall? We will show you that under certain condition, some
malicious files can be encapsulated to bypass antivirus and firewall
protection. This is not a class that you are going to miss.

Feel free to sign up at 
http://conference.hitb.org/hitbsecconf2013kul/tech-training-5/

No comments: