Security B-Sides London 2015

3rd of June 2015
ILEC Conference Centre 47 Lillie Road, London, SW6 1UD
Back To Schedule
Wednesday, June 3 • 4:45pm - 5:30pm
Intelligence led Penetration Testing

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

As cyber-attacks become have become sophisticated and prevalent, it is key that penetration testing evolves accordingly to continue to add value to the organisations that use it as a key security control. Utilising threat intelligence and OSINT as the scoping tools to make a penetration test bespoke, relevant and realistic to our clients is something that BAE Systems is currently focussing on. Part of our approach involves collecting, repurposing and mimicking real attack toolkits and techniques that are attributed to threat actors that we have collected through our Threat intelligence and incident response work.
The focus of this presentation is how to use both general threat intelligence and recovered attack toolkits to define and deliver this type of highly focussed testing. It will use references to examples of tool repositories we have access to, malware we have reverse engineered and tools we have written to replicate real attacks.
The audience should leave the presentation with an understanding of the process of turning a threat intelligence report into a set of actionable tests, that emulate the behaviour of distinct attack groups and tools and how they might apply this to future STAR and intelligence led penetration testing assignments.


Cam Buchanan

Cam Buchanan is the current Head of Penetration Testing at BAE Systems. His third book “Python Web Penetration Testing Cookbook”, written with a number of other industry professionals, is publishing soon . His experience stretches across all sectors and he specialises in the scoping... Read More →

Wednesday June 3, 2015 4:45pm - 5:30pm BST
a. Track 1