Many, if not most, security professionals spend a comparatively small amount of time profiling their targets in comparison to the attack phase, and rarely step outside O/S and application enumeration. This is unfortunate, since proper enumeration can expose critical information and vulnerabilities, increasing the chances of success while reducing the noise of the attack.
In this intensive, hands-on course, two-time Defcon social engineering CTF winner Shane MacDougall will run through a gamut of tools, websites, and procedures that every penetration tester/attacker should have in their toolkit, and collect data points that at might not seem relevant, but can in fact yield huge lift to the attacker, all without sending a single packet to the target network.
Basic computer skills, understanding of basic security concepts
USB stick with all required software
Shane MacDougall is a two-time winner of the Defcon Social Engineering Capture The Flag, and has placed in the top three of the attack portion in every year of the contest's existence. He is principal partner at Tactical Intelligence, and a security analyst for JL Bond Consulting. Mr. MacDougall started in the computer security field in 1989 as a penetration tester with KPMG, and worked on the attack side of the field until 2002, when he joined ID Analytics, the world's largest anti-identity theft detection company as the head of information security. In 2011, he left the firm to start his own company. Mr. MacDougall has presented at several security conferences, including Black Hat Abu Dhabi, Black Hat EU, BSides Las Vegas, DerbyCon, LASCON, and ToorCon. He is currently doing research in the areas of integrating near-realtime OSINT into IDS/SIEM, as well as the generation of a realtime pre-text generator.
