We were checking out the talks from DerbyCon 2011 and ran across an interesting talk by Kevin Mitnick and Dave Kennedy about Adaptive PenTesting. Thanks to the guys at IronGeek.com for having this video and a bunch of others too.
Penetration Testing is something that has many different meaning depending on the context used by the person. The Penetration Testing Execution Standard (PTES) is aimed to change that. In this talk we’ll be covering adaptive penetration testing which essentially is the ability to conform and change based on the environment that your attacking. We’ll be covering several live examples used in real-world penetration tests, how we discovered some clever tricks to circumvent security controls, and eventually be creative and gain unauthorized access.