Slides are available for our “Advanced Persistent Pentesting: Fighting Fire with Fire” talk from Hacker Halted 2012. The central thesis of the presentation is that pentesters have all the tools available to them to simulate an APT, and that the focus on the pentesting report as a binary pass / fail has been wrong. We should be focusing on the result a bit, but we should be focusing on the process far more.
Some of the take aways from the presentation:
- Both the tester and the test target should work closely together for maximum value.
- Pentests should not operate in a silo.
- As a defender, if you don’t want the results, you want the IR capability.
- Adding or enhancing a capability qualifies as actionable results.
- Offensive capabilities lead, defensive capabilities lag (several years?).
Thanks again to the entire crew at Hacker Halted that made this possible.