Jumping from Tenable's SecurityCenter CV to production environments

Want to visit   +76

Author: Oleksandr Kazymyrov

This talk will cover passive (extracting information on assets, users, passwords, private keys, etc.) and active (encrypted credentials) information gathering on a rooted server with installed Tenable's SecurityCenter. Moreover, a method for lateral movement from DMZ to production environments using features of Nessus scanning will be demonstrated. It will help red teams to penetrate deeper into internal networks, especially into those containing highly valuable information, like cardholder data environments. From the blue team perspective, the demonstrated techniques will help better understand the risk of vulnerability scanners placed unattended in DMZ zones.

  • Language
  • English

Has a PhD in information security from the University of Bergen. A member of non-functional testing group in financial services at EVRY. Holds CEH (Certified Ethical Hacker) and CES (Certified Encryption Specialist) certificates. A co-author of the Ukrainian standards of block cipher and hash function.

Oleksandr Kazymyrov Oleksandr Kazymyrov

Back to the list