Go Hack Yourself: 10 Pentest Tactics for Blue Teamers

Posted in SecConf


Penetration testing is an art and a science. It takes the knowledge of networks/applications/all things computing as well as critical thinking and an understanding of human behavior to become a truly great tester. The tools and processes to carry out the trade have evolved significantly in the past few years with the explosion of offensive PowerShell, lowering the barrier to entry for the execution of advanced offensive tactics. If attackers are using these tools to break into networks, why shouldn’t defenders use the same to make their environments more secure? A popular question from system administrators to CISOs is: What can I do to learn this “stuff”? While penetration testing takes years of experience to master, defenders can use recent tool advancements to plug many of the common holes offensive teams take advantage of. This talk will highlight 10 key areas blue teams can regularly audit using offensive toolsets without needing a red team background. From quickly triaging open file shares, to examining domain trusts, to easily testing border egress, these red team tools and tactics can help blue teams better secure the networks they defend.


Brent Kennedy leads the penetration testing and assessment group at the CERT division of the Software Engineering Institute at Carnegie Mellon University. Brent’s major responsibility is working with the Department of Homeland Security’s Risk and Vulnerability Assessment (RVA) program to provide penetration testing services to federal, state and local government entities as well as critical infrastructure customers. Additionally, Brent’s group aims to enhance the state of the penetration testing field through technical research and process improvements.

Will Schroeder is a security researcher and pentester/red-teamer for Veris Group’s Adaptive Threat Division, and is one of the co-founders and active developers of the Veil-Framework. He has presented at Shmoocon, Carolinacon, Defcon, and Derbycon on topics spanning AV-evasion, post-exploitation, red teaming, offensive PowerShell, and more.

Jason Frank is the manager of Veris Group’s Adaptive Threat Division, where he oversees penetration testing efforts for various government agencies, including the Department of Homeland Security (DHS), Department of Treasury, and multiple Fortune 500 clients. Jason specializes in leading penetration testing programs, while developing and maturing clients’ internal assessment efforts. In addition, Jason has several years of experience training participants in testing methodologies, including at major industry conferences such as Black Hat.



Source: BSidesPGH