Visit Rapid7 at DerbyCon 6.0

Date: September 21-25
Location: Hyatt Regency, Louisville, Kentucky
Website: https://www.derbycon.com/

SPEAKERS

Metasploit Town Hall
Metasploit team
12 - 12:50pm ET, Friday, Sept. 23

The second annual Metasploit Town Hall will take place at DerbyCon this year. The panel will include Tod Beardsley, Brent Cook, James 'egyp7' Lee, Lance Sanchez, and myself. This will be an open-format Town Hall that lets our user and contributor communities ask questions and provide feedback face to face.

We're a shooting gallery, now what?
Joseph Tegg
Senior Security Consultant, Enterprise Deployment, Deployment & Training

9 – 9:25am ET, Saturday, Sept. 24

The Red Team / Pentest Team just handed our CISO a report that says the network is a "shooting gallery." Sure, we test, just like everyone else: we use internal or third-party pentest / red teams to evaluate our security controls and policies in an effort to reduce risk exposure, and the results are always the same. This discussion will shine a light on one of the often-overlooked critical processes in a mature vulnerability management program: looking past individual findings to discover root causes and address the true systemic problems that make the enterprise network a perennial shooting gallery.

Managed to Mangled: Exploitation of Enterprise Network Management Systems
Deral Heiland, IoT Research Lead & Matthew Kienow
12:00-12:50pm ET, Saturday, Sept. 24

Network Management Systems (NMSs) are widely deployed in medium and large organizations and present an excellent attack surface because they implicitly trust SNMP data. The talk will discuss SNMP as an attack vector for injecting various forms of attacks into NMSs, including cross-site scripting (XSS) and format string vulnerabilities, to take control of the NMS and the authenticated user's host via rogue network device SNMP agents and traps. Using live demonstrations, we explore attack delivery, execution, and the factors that control the success of each attack. In conclusion, we discuss overall risk factors and mitigation techniques for protecting against these attacks.

New Shiny in Metasploit Framework
James Lee, Developer and Open Source Community Manager at The Metasploit Project
1:00-1:50pm ET, Saturday, Sept. 24

egypt (@egyp7)

This DerbyCon tradition will cover some of the awesome new capabilities added to the Framework in the last 12 months, including improvements to Meterpreter, post exploitation, and more. `git log --since="2015-09-23"`

James Lee, better known as egypt, is a software developer and Open Source Community Manager for Rapid7, where he hacks things with the Metasploit Framework. He is a vocal advocate for open source and strongly believes that open source security tools are vital to the future of the internet. Note that egypt is not Egypt. The two can be distinguished easily by their relative beards -- Egypt has millions, while egypt only has the one.

Hacking with Ham Radios: What I have learned in 25 years of being a ham.
Jay Radcliffe, Senior Security Consultant and Researcher, Global Services
1:00-1:50pm ET, Saturday, Sept. 24

Jay Radcliffe has been working in the computer security field for over fifteen years and is currently a Senior Security Consultant and researcher for Rapid7. Coming from the managed security services industry, Jay has used just about every security device made over the last decade. Recently, Jay has presented groundbreaking research on security vulnerabilities in medical devices at Black Hat, B-Sides, and other technology conferences. Having held an amateur radio license since the age of 12, Jay is as comfortable hacking hardware and working a soldering iron as he is in front of a keyboard performing a penetration test.

Imposter Syndrome has often been discussed in the context of gender or other minorities and mentoring, but these discussions have left out the greater truth: nearly everyone in the infosec community experiences this phenomenon. This talk is designed to approach the topic from a broader perspective. It will contain tips not only on overcoming it ourselves, but on how to use this confidence to be a mentor and role model to others.

Scripting Myself Out of a Job - Automating the Penetration Test with APT2
Adam Compton, Senior Security Consultant Assessment & Austin Lane, Security Consultant Assessment
3:00-3:50pm ET, Saturday, Sept. 24

Nearly every penetration test begins the same way: run an Nmap scan, review the results, choose interesting services to enumerate and attack, and perform post-exploitation activities. What was once a fairly time-consuming manual process is now automated! The Automated Penetration Testing Toolkit (APT2) is an extendable, modular framework designed to automate common tasks performed during penetration testing. APT2 can chain data gathered from different modules together to build dynamic attack paths. Starting with an Nmap scan of the target environment, discovered ports and services become triggers for the various modules, which in turn can fire additional triggers. Have FTP, Telnet, or SSH? APT2 will attempt common authentication. Have SMB? APT2 determines the OS and looks for shares and other information. Modules include everything from enumeration, scanning, and brute forcing to integration with Metasploit. Come check out how APT2 will save you time on every engagement.

myBFF (Brute Force Framework)
Kirk Hayes
Security Consultant, Assessment

6:30-6:55pm ET, Saturday, Sept. 24

This presentation will feature a new open source tool that combines fingerprinting and brute forcing against some common web applications, including Citrix, HP, Juniper, and MobileIron, to add intelligence to password guessing. Better yet, the tool is modular, allowing easy expansion to include not only other web applications but also other services. We will look at different password-guessing techniques, their shortcomings, and how myBFF addresses them. The best part is that the tool will do more than just tell you whether a credential pair is valid!

Static PIE: How and Why?
Adam Cammack, Software Engineer II, Metasploit & Brent Cook, Manager, Engineering, Software Development
1:00-1:50pm ET, Sunday, Sept. 25

Self-relocating executables without external dependencies (static PIE) have been an area of interest in embedded systems and in defensive security research inside OpenBSD. We will explore how to create these binaries, how they are currently used in defensive security, and novel offensive applications involving code execution in highly restricted environments. We will then demonstrate a new Metasploit payload that reflectively injects itself into running Linux processes.