How my career is changing.
I share my experience and lessons learned from operating a public bug bounty.
I’m managing a bug bounty program that has shown tremendous benefit so far. Several findings have been extremely clever, and I’ve been fortunate enough to have good interactions with the vulnerability researchers.
On a recent engagement I supported the lead by developing a PowerShell payload for a RubberDucky. The gist is that it will run a handful of standard Windows commands and then e-mail the results to a specified address.
Unfortunately, I didn’t arrive at the ballroom early enough to get seats, or even standing room, to see this talk in-person:
Ed Skoudis: How To Give The Best Pen Test Of Your Life
Learn how to create a metasploit module
Introductory methods for DNS reconnaissance.
Techniques for performing subdomain enumeration information gathering.
Customize your working environment to your liking
Methods for obtaining reverse shells