This is one of the presentations that should be watched by any IT Manager or Chief Security Officer.

People tend to focus their security posture on vulnerabilities instead of on a sound design that protects their critical assets, and even penetration testers make the same mistake. Bad penetration testers, of course.

In my career in IT, I have seen many so-called penetration testers that just run vulnerability scanners and then send the report to the customer. It is plainly wrong (rubbish?) because I do not need to pay a company to scan my own network for vulnerabilities, since I can do it myself, with the same results.

Then, what is a penetration test? It is meant to emulate a real attack, one that tries to reach our core business by making use of any possible attack vector.

A penetration tester must try all the possible attack vectors. This includes misconfigurations, bad network designs, vulnerabilities, social engineering, protocol weaknesses, etc. The reason is simple: a skilled attacker, the one who is motivated and can cause serious damage, will do exactly that.

H.D. Moore is the Chief Security Officer of Rapid7 and Founder & Chief Architect of Metasploit.

This presentation shows the techniques that can be used by a skilled penetration tester in order to gain full access to the network without exploiting a single vulnerability.

It includes: attacking the users, password testing, design weaknesses in the Windows platform (NTLM hashes and NTLM relay), exploiting SMB design weaknesses to gain privileges up to the domain controller, layer 2 attacks, IPv6, etc.

Slides  Video