Penetration Testing mailing list archives
Replicating the Gonzalez Cyber Attacks through Penetration Testing
From: "Core Security" <sfa () securityfocus com>
Date: 21 Nov 2009 00:07:11 -0000
-------------------------------------------------------------------------------- YOU'RE INVITED: IT SECURITY ON DEMAND WEBCAST "Replicating the Gonzalez Cyber Attacks through Penetration Testing" Register: http://www.coresecurity.com/Form/generic/campaign/SecurityFocusGonzalez --------------------------------------------------------------------------------- Recently, we saw the indictment of cybercrime kingpin Albert Gonzalez, one of the accused masterminds behind high-profile data breaches at Heartland Payment Systems, Hannaford Bros. Supermarkets, 7-Eleven, and TJX. Next week, Core Security Technologies will present a hands-on look at the attacks Gonzalez and his co-conspirators are believed to have used in breaching these organizations. Leveraging the actual indictment document as a guide, Core Security senior product manager Alex Horan will use CORE IMPACT Pro penetration testing software to demonstrate the techniques by which Gonzales allegedly stole millions of credit card numbers* - showing you how to identify IT exposures in your own environment before cybercriminals do.
Register here: http://www.coresecurity.com/Form/generic/campaign/SecurityFocusGonzalez
During the webcast, you'll see a step-by-step depiction of an attack similar to that described in the Gonzalez indictment, including the following critical stages: * the initial web application compromise via SQL Injection * the use of a well-known backend database command to make the attacks even * more invasive * the planting of malware on the backend database server * the collection and transmission of credit card transactions to the * attackers Through the demonstration, you'll also learn how commercial-grade penetration testing software enables you to see your IT systems as an attacker would -- not only by determining if the kinds of issues that Gonzalez reportedly leveraged are present in your environment, but also by ... * assessing how deployed defenses react to specific threats * revealing what systems and data would be exposed by a breach * depicting how chains of vulnerabilities open paths to mission-critical * systems and information * providing actionable data for immediately mitigating critical exposures * repeating tests to ensure the effectiveness of remediation efforts This webcast is ideal for anyone interested in proactively assessing their security posture against real-world cyber threats.
Register here: http://www.coresecurity.com/Form/generic/campaign/SecurityFocusGonzalez
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Replicating the Gonzalez Cyber Attacks through Penetration Testing Core Security (Nov 20)