Bsides Leeds - hacker of all master of none.pptx (1)

•

3 recomendaciones•594 vistas

Andrew Gill

Andy Gill's Slides from BSides Leeds

Tecnología

Hacker of All Trades
Master of None
Andy Gill

Obligatory Who Am I…
@ZephrFish on all of the Internet.
Work as a Security Consultant
@PenTestPartners
Kicker/Breaker/Hacker/FilmGoer in my Nights
Wrote a Book about Learning Things
Black Belt in Karate,
so not only a Keyboard Warrior

The Plan for Today
Understanding pentesting
Some Tips & Some Tricks
Lessons Learned
The different trades a tester may
have
How to be more Business-ey
As a pentester/hacker…

PENETRATION... Testing
Take a min, have a giggle, you know you want to!

But really, what is it?
Expectation: Popping shells all day long, hacking all the things
Reality -
A massive human aspect -
lots of breaking, fixing and helping

Tricks of the Trade...
The Good the Bad & the Down right Ugly… tips!
The Do’s
● RTFM
● Don’t Be Afraid to Google Like a MF Ninja
● Actually Use the App before you Abuse it...
● Always try http & https on random ports, you’d be surprised

Tips (Cont)
Don’t Do These Things
Bad Things can happen...

Winging it...
Most folks are winging it, if they tell you they’re not they’re lying or just old…
Not Winging in the Sense “I have no idea what I’m doing” but more that every day
is a new learning opportunity.
It works 50% of the time 100% of the time

A tester can have many Hats
Not the Good Guy/Bad Guy Scenario
More the range of trades and teams one tester will liaise with.

Being a better Business Hacker
RCE, XSS, CSRF,SSRF, BEAST,
POODLE, ROBOT, SSL
BUZZ WORD BINGO

How to Find Me.
https://twitter.com/ZephrFish
https://blog.zsec.uk
https://leanpub.com/ltr101-breaking-into-infosec
https://www.pentestpartners.com

Más contenido relacionado

Similar a Bsides Leeds - hacker of all master of none.pptx (1)

In this talk, Joe will take you on a journey to find the holy grail we are all looking for: the “perfect” design. We’ll look at a practical strategy that uses psychology to produce the ideal design for those tricky user experience design problems we face everyday. What exactly is the perfect design? Well, that’s what you will find out in the session. We’ll look at the three aspects that define the perfect design and how you can make it work in your projects.

Psychology and the Perfect Design by @mrjoe

cxpartners

Work Smarter, Sell More

Sales Hacker

Trading tips

Badr sayiar

Blend it up - leancamp london presentation

Antonio Terreno

The legal profession faces a bewildering array of challenges. And when new computer technologies, evolving client expectations, and competition force changes on the profession and the way we do business, some of the tools that have served us well in the past may fall a little short. As a result, managing change when the “new” becomes “the normal” can be overwhelming. Unfortunately, too many attorneys react to the distresses of the law practice by isolating themselves and turning to unhealthy and dangerous actions and habits. These materials are a compendium of short pieces and resources that have helped me create some practical strategies for surviving- and hopefully thriving- in an uncertain world.

Resources for Lawyers to Help Create Space

Jack Pringle

The Pragmatic Programmer is a collection of ideas, observations, and recommendations for software developers. Throughout the book, they highlight these notions in a set of numbered tips, about 70 of them, which are collected on a single tear-out card situated in the back of the book. Just reading the tips, without reading the text of the book, might make these gems seem trite, empty, and obvious. But, they're not!

The pragmatic programmer

Nilesh Sharma

How to build a Start Up (in ten easy steps)

flaregames GmbH

Similar a Bsides Leeds - hacker of all master of none.pptx (1) (7)

Psychology and the Perfect Design by @mrjoe

Work Smarter, Sell More

Trading tips

Blend it up - leancamp london presentation

Resources for Lawyers to Help Create Space

The pragmatic programmer

How to build a Start Up (in ten easy steps)

Último

ICT role in 21st century education and its challenges

rafiqahmad00786416

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

When you’re building (micro)services, you have lots of framework options. Spring Boot is no doubt a popular choice. But there’s more! Take Quarkus, a framework that’s considered the rising star for Kubernetes-native Java. It always depends on what's best for your situation, but how to choose the best solution if you're comparing 2 frameworks? Both Spring Boot and Quarkus have their positives and negatives. Let us compare the two by live coding a couple of common use cases in Spring Boot and Quarkus. After this talk, you’ll be ready to get started with Quarkus yourself, and know when to select Quarkus or Spring Boot.

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

Jago de Vreede

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Manulife - Insurer Transformation Award 2024

The Digital Insurer

DBX First Quarter 2024 Investor Presentation

Dropbox

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Exploring Multimodal Embeddings with Milvus

Zilliz

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

Bsides Leeds - hacker of all master of none.pptx (1)

1. Hacker of All Trades Master of None Andy Gill

2. Obligatory Who Am I… @ZephrFish on all of the Internet. Work as a Security Consultant @PenTestPartners Kicker/Breaker/Hacker/FilmGoer in my Nights Wrote a Book about Learning Things Black Belt in Karate, so not only a Keyboard Warrior

3. The Plan for Today Understanding pentesting Some Tips & Some Tricks Lessons Learned The different trades a tester may have How to be more Business-ey As a pentester/hacker…

4. PENETRATION... Testing Take a min, have a giggle, you know you want to!

5. But really, what is it? Expectation: Popping shells all day long, hacking all the things Reality - A massive human aspect - lots of breaking, fixing and helping

6. Tricks of the Trade... The Good the Bad & the Down right Ugly… tips! The Do’s ● RTFM ● Don’t Be Afraid to Google Like a MF Ninja ● Actually Use the App before you Abuse it... ● Always try http & https on random ports, you’d be surprised

7. Tips (Cont) Don’t Do These Things Bad Things can happen...

8. Lessons Learned… Going ON-SITE 101

9. Winging it... Most folks are winging it, if they tell you they’re not they’re lying or just old… Not Winging in the Sense “I have no idea what I’m doing” but more that every day is a new learning opportunity. It works 50% of the time 100% of the time

10. A tester can have many Hats Not the Good Guy/Bad Guy Scenario More the range of trades and teams one tester will liaise with.

11. Being a better Business Hacker RCE, XSS, CSRF,SSRF, BEAST, POODLE, ROBOT, SSL BUZZ WORD BINGO

12. Learning to be a People Person

13. How to Find Me. https://twitter.com/ZephrFish https://blog.zsec.uk https://leanpub.com/ltr101-breaking-into-infosec https://www.pentestpartners.com

14. Any Question?

Bsides Leeds - hacker of all master of none.pptx (1)

Recomendados

Recomendados

Más contenido relacionado

Similar a Bsides Leeds - hacker of all master of none.pptx (1)

Similar a Bsides Leeds - hacker of all master of none.pptx (1) (7)

Último

Último (20)

Bsides Leeds - hacker of all master of none.pptx (1)