Operational Security in Penetration Testing
Presenter: Troy Defty
Format: 45 mins
Location: The Amphitheatre
Penetration testing is intended to improve a given organisation's security posture. However, such a potentially invasive process can often provide pentesters with significant, or in some cases unprecedented, access to an organisation's most sensitive systems. Without considering the results of their actions, or the behaviours of their tooling, pentesters can leave remnants of their privileged activities for real attackers to find, or even harm the organisation's overall security posture by changing the state of play to a real attacker's benefit.
This talk aims to address some of the key operational risks in the daily life of a penetration tester, provide guidance to penetration testers on reducing any potential negative impact on their customer's network, and accentuate the point that Twitter is not always a great source of real-world penetration testing techniques.