Optimal Offensive Security Programs

Offensive security plays a crucial role in cybersecurity by identifying and exploiting system vulnerabilities. However, current practices often contain gaps that diminish the effectiveness of these assessments. This presentation will examine these gaps and provide strategies to optimize offensive security efforts.

Submission Details
Offensive security, a key element in protecting information systems, focuses on uncovering and exploiting vulnerabilities. Despite its critical role, there are several deficiencies in current methodologies that can compromise the accuracy and impact of these tests. This presentation will explore these shortcomings and offer practical solutions to enhance the overall efficacy of offensive security assessments.

Key Topics:
1. Introduction to Offensive Security
2. Types of Offensive Security Approaches
3. Identifying Gaps in Offensive Security Programs
4. Strategies for Optimizing and Overcoming Gaps in Offensive Security

Pwning Web Apps – An Intro to Web App Pentesting

In this intro to web application penetration testing workshop, participants will learn the basics of web application penetration testing including; methodology, tools, techniques, and resources. The skills taught in this workshop are valuable to aspiring bug hunters for use in bug bounties.

Optimal Offensive Security Programs

Offensive security, a critical component of cybersecurity, aims to identify and exploit vulnerabilities in information systems. Despite its importance, several gaps exist in current practices that can undermine the effectiveness of these tests. This presentation will address these gaps and propose strategies to enhance offensive security assessment efficacy.

Topics discussed in this presentation:
1. Offensive security introduction
2. Offensive security types
3. Gaps in pentesting
4. Overcoming the gaps and optimizing your offensive security program

The target audience is those who work on the blue team, IT, or management. The goal is to help them better understand the different types of assessments, the typical gaps, and how to over come them.

Offensive Security Awareness

Offensive security is critical for detecting vulnerabilities in systems, applications, people, and buildings. Some assessment types are only crucial at certain times or stages of an organization's security maturity. Offensive security takes a threat approach to assess in-scope targets for vulnerabilities and, even more importantly, exploitable ones. Although offensive security is no secret, companies are required to perform pentests for compliance reasons. It is one of the most misunderstood areas of cybersecurity. This is due to the lack of experience by most cybersecurity professionals in this discipline. In this presentation, we will demystify this tradecraft, and attendees will learn the details of each specialization of offensive security, including pentesting, red teaming, social engineering, and physical security assessments. Vulnerability management will be discussed, and where offensive security falls into the overall strategy. Discussed along with the different assessment types, we will share the tools and techniques used in each phase of these assessment types. Attendees will come away with a better understanding of offensive security, the difference in assessment types, and the tools, methodologies, and standards necessary for performing thorough security assessments.

Hacking Your Pentesting Career

Concept creator and co-author of “The Pentester BluePrint: Starting a Career as an Ethical Hacker,” Phillip Wylie, will help you create your personal blueprint to jumpstart your career as a pentester. In this workshop, concepts from the book will be discussed, as well as content from his conference presentation, “Pentesting experience, and how to get it.”

The Pentester Blueprint: A Guide to Becoming a Pentester

Pentesting or ethical hacking as it is more commonly known has become a much sought-after job by people in IT, InfoSec, or those just trying to get into the industry. In this presentation, Phillip Wylie shares the blueprint for becoming a pentester. The presentation combines Phillip’s experience as a pentester and ethical hacking instructor to give attendees a guide on how to pursue a career as a pentester. Phillip shares what has worked for his students and people that he has mentored over his years as a pentester. This presentation covers the knowledge and skills needed to become a pentester as well as the steps to achieve them.