Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests

Rob Havelt, Director of Penetration Testing at Trustwave SpiderLabs
True Stories of Real Pen Tests - Featuring demos of complex hacks and how business systems can be used against an organization.

Earth vs. the Giant Spider: Amazingly True Stories of Real Pen-Tests brings the audience the most massive collection of weird, downright freaky, and altogether unlikely hacks ever seen in the wild. Through stories and demonstrations, we will take the audience into a bizarre world where odd business logic flaws get you almost free food (including home shipping), sourcing traffic from port 0 allows ownership of the finances of a nation, and security systems are used to hack organizations.

This talk will focus on:
•Complex hacks found in real environments
•Showing effective attacks not found with automated methods
•Types of victim organizations and data accessed

By the end of this presentation we hope to have the audience thinking differently about systems and applications that organizations use every day, and how they may be used against them.
May 22 2012
58 mins
More from this community:

IT Security

Webinars and videos

  • Are attacks on your network and users still occurring, despite continuing efforts to stay on top of security? What impact would malware have on your business if it was able to gain internal access and steal sensitive information?

    Without solutions that can disrupt the chain of events that occur during an advanced attack, many businesses are still being infiltrated and losing data every day. This webinar will cover the best practices in disrupting attacks with content security solutions - connected to optimize protection.
    Join this webinar as:
    •You will learn the tactics used by attackers today to infiltrate businesses
    •You will hear about the leading technologies available to disrupt advanced attacks
    •You will walk away with the knowledge to assess your own environment, and optimize your security
    Businesses today face more advanced attacks than we’ve ever seen in the past – and defending against them takes a connected approach which can disrupt the multiple points of infiltration and exfiltration used in the process of a breach. With most attacks seen in the wild using phishing emails to reach their target, a web link or malicious file to deliver a payload, and an outbound stream of communication to exfiltrate data – implementing a Secure Email Gateway, Secure Web Gateway, and Data Loss Prevention technology together will provide a barrier difficult for even the most advanced attacks to overcome.

    Don’t miss this webinar if you have a stake in the security of your most valuable information, or are directly responsible for the implementation of security solutions to protect it. Register now for this 30 minute webinar.
  • As most IT Pros are aware, as of April 8th, 2014, Microsoft will stop releasing security patches for Windows XP. Unfortunately, most folks will not be able to migrate all Windows XP machines by that deadline. How will you limit the security risks posed by these now vulnerable assets? Join us for this webinar outlining practical strategies to help you cover your assets.
    In this session we'll cover:
    The primary attack vectors you need to consider
    Immediate actions you can take to limit the exposure of your XP assets
    Warning signs to watch out for that could signal an attack
    How to closely monitor your vulnerable assets with AlienVault USM
  • Learn from ING how one of the largest financial services corporations implemented ReputationDV (RepDV) from HP TippingPoint to proactively secure their network without compromising performance. RepDV, a security intelligence tool, monitors inbound and outbound communications to identify and block undesirable hosts. Updated every two hours, this robust security intelligence feed searches through hundreds of thousands of known malicious IPv4, IPv6, and DNS names and assigns a threat score of 1 to 100. Rated based on the analysis of the source, category, or threat, this score helps block traffic that poses a potential security risk. ING has had amazing success with HP TippingPoint RepDV:
    - 2 million connections blocked in 15 months
    - 75% decrease in total malware related incidents
    - 0 false positives
    ING will cover how deploying HP TippingPoint security intelligence helped simplify their network security strategy while increasing reliability and effectiveness.
  • Advanced targeted cyber attacks have hit some of the world’s largest businesses. The attacks weren't blocked because they don’t match any known attack signature. Each one is unique, custom created to penetrate the target network and steal data.

    A new video featuring Gartner Distinguished Analyst, Neil MacDonald, and HP’s Eric Schou, explains how Big Data Security Analytics can help find and block targeted cyber attacks. View it to learn:

    How advanced targeted cyber attacks are different from traditional threats
    How Big Data techniques can spot attacks when traditional defenses fall short
    What you should be doing now to take advantage of Big Data Security Analytics
  • Cyberspace is typically the prime mechanism for conducting business. It also plays a key role in the socio-cultural lives of staff, customers and suppliers. By the end of 2013, revelations about how governments had been surrendering commercial and personal privacy in the name of national security left trust very badly shaken. And the timing couldn’t be much worse: many CEOs are ramping up their demands to take even greater advantage of cyberspace. So if this is where things are now, how will all of this look by 2016? How will new threats hurtling over the horizon complicate matters even further? Just what will organisations be able to rely on? And most importantly, are they powerless or can they do something now? This webcast spotlights the threats we'll be dealing with over the coming 24 months along with advice on the best ways of handling them.
  • Take a rule book, throw it away and write a better one.
    In typically disruptive fashion, Dell are Redefining the Economics of Enterprise Storage and you can benefit.

    In this webinar Paul Harrison, UK Storage Sales Director for Dell, will discuss Dell’s storage design philosophy and how our modern storage architectures are helping customers around the world to be more flexible and agile as well as breaking the traditional cycles of rip and replace.
    With our key design tenets around ease of use, full virtualisation, intelligent tiering, high scalability, elimination of forklift upgrades and innovative perpetual licencing models, Dell’s storage solutions are delivering real world benefits to thousands of users around the world and were the platform of choice for the Commonwealth Games, Glasgow2014.

    Join us and learn how Dell’s storage strategy differs from that of others and how it can help you to:
    •Acquire, deploy, and grow Storage on demand
    •Adapt more seamlessly to changing business needs
    •Intelligently manage data assuring business continuity
    •Reliably automate more processes, releasing time to focus on more strategic tasks
    •Strike the perfect balance between performance, capacity and price all while delivering a rich feature set.
  • Join this unique roundtable chat with three InfoSec Professionals who have recently climbed the BYOD mountain and come back down to share their stories. We’ll discuss the industry and regulatory differences, managing user expectations of privacy, legal implications and technical pitfalls in this 60 minute Security Leadership Series webinar, brought to you on April 10, 2014 at 1PM Eastern in partnership with Capella University.
  • Autonomic Software significantly expands the capabilities of McAfee ePO. Autonomic’s three suites are all integrated into ePO with no need for separate console, databases, and reports. They are “As McAfee As McAfee”!

    Autonomic Patch Manager, EndPoint Manager and Power Manager suites provide improved security, and managing of end points, at virtually no charge when incorporating Power Manager.

    Join McAfee and its 2013 MVP Partner of the Year to learn how the integrated solution provides:
    • Increases Scalability – Delivery of patches to both large organizations and small-to-mid-sized organizations
    • Reduces Costs - Using Power & Patch Management Suites
    • Simplifies Complexity - Maintains a secure environment with minimal human intervention using EndPoint Suite
    • Easily Customizable Solutions – For unique requirements
  • The alarming rise of advanced persistent threats (APTs) makes security analytics around Big Data an imperative. In light of the challenges of converting Big Data into actionable information with first generation SIEMs, security professionals have become skeptical about the ability to use SIEM beyond compliance needs. Yet, today’s advanced SIEM technology takes threat detection, understanding and response to a whole new level. Join us to learn how to use next generation SIEM technology to specifically detect security threats within an ocean of Big Data. Discover how the latest technologies in security analytics such as the quad-correlation methods of rules, statistics, risk, and history can help your organization execute SIEM best practices in detection with intelligence, integration, and ease.
  • Death of Windows XP Gives Life to Hackers Recorded: Apr 2 2014 61 mins
    If you’re a small- or medium-sized business running Windows XP, you’ve likely heard that support will be cut off for the 13-year-old operating system in less than three weeks. But you may not have heard what impact that will have on your company’s security and compliance.

    Sign up for this important webinar to learn:
    • What Windows XP “end-of-life” exactly means to the security of your business.
    • Why you should especially care about this if you take credit cards for payment.
    • How you can safeguard your business and remain compliant.
  • 2014 Security Pressures from Trustwave Recorded: Mar 20 2014 51 mins
    Trustwave surveyed 833 IT professionals, including CISOs and CIOs, to learn more about the pressures they are facing. We know you're under stress, under-staffed, and likely, already over budget. Come listen to what else you have in common with your peers and how you can ease some of the tension. This online session will showcase the results of the 2014 Security Pressures Report from Trustwave, including:

    - Who and what is applying the pressure
    - Speed versus security
    - IT pro's "wish list" for 2014

    Breaches today are well-planned and well-funded, IT teams are stretched thin, and billions are being spent on security technologies that are not being fully utilized. Join us to learn how you can alleviate the pain points and escape the pressure.
  • Database Security Solutions: Protect Data Where It Lives Recorded: Mar 5 2014 49 mins
    Join Amit Jain, Security Lead Architect at Trustwave, as he discusses why databases and big data remain the primary target for attackers. Hear about today's biggest threats and how our solutions help protect against them.
  • Database Security Solutions: Protect Data Where It Lives Recorded: Feb 26 2014 42 mins
    Join Jayul Bhatt, Director of Program Management at Trustwave, as he discusses why databases and big data remain the primary target for attackers. Hear about today's biggest threats and how our solutions help protect against them.
  • Malware Everywhere Recorded: Feb 12 2014 39 mins
    Join Trustwave's Director of SpiderLabs APAC in our latest webinar - Malware Everywhere - where you'll learn:
    - Malware attack vectors and the sad state of self-detection.
    - The anatomy of an attack and how malware gets inside.
    - Strategies for better detection, protection and response.
  • Malware Everywhere Recorded: Feb 12 2014 35 mins
    Join Trustwave's Director of SpiderLabs APAC in our latest webinar - Malware Everywhere - where you'll learn:
    - Malware attack vectors and the sad state of self-detection.
    - The anatomy of an attack and how malware gets inside.
    - Strategies for better detection, protection and response.
  • Trustwave and ETA Present PCI DSS Version 3.0 is Here - How to Prepare Recorded: Feb 4 2014 58 mins
    Version 3.0 of the PCI DSS has officially been released, and the mandate has evolved towards a more comprehensive approach built on shared responsibility. During this webinar, the Trustwave compliance and risk experts will help you decipher the new requirements of the PCI DSS v3.0, understand the impact and scope of the changes and help you prepare your business to handle the changes effectively.
  • Malware Everywhere Recorded: Feb 4 2014 57 mins
    We've all seen the headlines - there's malware everywhere. It's targeted. It's sophisticated. It's sneaky. It could already be inside your organization without your knowledge. How can you improve detection, strengthen protection, and prepare to mitigate fast if an incident occurs?

    Join Trustwave's Director of Incident Response and Forensics in our latest webinar - Malware Everywhere - where you'll learn:

    • Malware attack vectors and the sad state of self-detection
    • The anatomy of an attack and how malware gets inside
    • Strategies for better detection, protection and response

    Mark your calendars and join the experts at Trustwave for this complimentary webinar.
  • Changes to the SSL Encryption Guidelines Recorded: Dec 12 2013 46 mins
    There have been recent changes to the guidelines for the use of SSL Encryption by the Certification Authority/Browser (CAB) Forum, and these changes likely affect the types of certificates used and the security of your network. During this webinar you'll learn how the CAB Forum issued guidelines affect your business and the issuance of SSL certificates, changes associated with the issuance of certificates and risks and vulnerabilities from failure to comply with the guideline changes.

    Please join Brian Trzupek, Vice President of SSL Managed Identity at Trustwave, as he discusses these changes and their potential long-term implications.
  • Managed Security Testing: Protecting Confidential Client Data Recorded: Dec 9 2013 45 mins
    A law firm works with confidential information every single day and chances are whether that data is a document protected by attorney-client privilege or a client’s health records, it’s stored digitally. To protect your law firm’s data and computer systems you need to protect against malicious individuals. In 2012, Trustwave found that 76 percent of data compromise victims did not identify or detect the intrusion on their own.

    One way to identify vulnerabilities in your systems before an attacker does is to undergo a penetration test--a simulated attack against your systems and/or applications.

    Join Trustwave SpiderLabs Director Chris Pogue for a discussion of penetration testing for law firms and Trustwave's new Managed Security Testing service that makes scheduling a test and taking action on the results easier than ever.
  • Franchise Compliance Meets PCI 3.0 Recorded: Dec 5 2013 51 mins
    Cyber attackers are targeting hospitality businesses like yours because the sensitive data you process every day is highly valuable. Regulations like the Payment Card Industry Data Security Standard are in place to help you protect cardholder data and your brand, but PCI guidelines are only focused on payment card data.

    Businesses today need to be concerned with more than just payment cards. That’s why protecting your brand and keeping the trust of your customers is an equal partnership between your organization and your entire franchisee and owner community.

    In this webinar we will review key changes to version 3.0 of the PCI DSS, what impact these changes may have on your organization and learn more about our program and how our solutions can simplify PCI for your organization.
  • PCI 3.0 is Here - How to Prepare Recorded: Dec 4 2013 75 mins
    Version 3.0 of the PCI DSS has officially been released, and the mandate has evolved towards a more comprehensive approach built on shared responsibility. During this webinar the Trustwave compliance and risk experts will help you decipher the new requirements of the PCI DSS v3.0, understand the impact and scope of the changes and help you prepare your business to handle the changes effectively.

    Join Greg Rosenberg, Sales Engineer with the Trustwave Compliance and Risk team as he helps you get up to speed on the new mandate requirements.
  • PCI 3.0 is Coming – Are you Ready? Recorded: Oct 10 2013 52 mins
    We’ve all heard it by now - the PCI standard is changing – to match an advancing threat landscape, new business and technology platforms, and evolving requirements of the payments community. Join Trustwave’s PCI compliance and threat intelligence experts in this expert webcast, to get a holistic view of PCI 3.0 from both a compliance management and threat intelligence perspective. They’ll answer your questions on both the “what” and the “why” of the new mandate, and you’ll learn:

    · the key changes that are part of the PCI DSS 3.0
    · what is driving those changes and why they’re needed
    · steps you can take to prepare your organization for the new mandate
  • Securing Mobile Apps: Old School Know How For the New World Order Recorded: Jun 13 2013 58 mins
    Mobile devices and applications are redefining business, revolutionizing productivity and driving competitive advantage. But as the volume of mobile applications increases, so too do mobile exploits. In the rush to enter the mobile software market, are we taking shortcuts that force us to repeat sins of the past? Like caching sensitive data, incomplete encryption and simple mistakes in coding? Don't let old-school vulnerabilities allow hackers to resurrect previously obsolete malware and exploits. With the experience of more than 1,400 incident response investigations, thousands of penetration tests and hundreds of application security tests, Trustwave SpiderLabs' Charles Henderson will show IT, security and development teams how to make sure they're not leaving sound security practices and due diligence behind as they develop new mobile applications.
  • 2013 Trustwave Global Security Report: Threat Trends Webinar Recorded: Mar 19 2013 64 mins
    Listen Up. Lock Down.

    •The average time from breach to detection is 210 days.
    •Mobile malware samples increased by 400%.
    •E-commerce applications account for 48% of breach investigations.

    Do you want the inside track on the threats you’ll be facing this year? Then sign up for this expert webcast covering the highlights of the 2013 Trustwave Global Security Report.

    Hosted by Trustwave’s SpiderLabs elite research and threat intelligence team, what you see and hear in this session will help prepare your business and your teams for what’s ahead in 2013 and beyond.
  • 2013 Trustwave Global Security Report: Threat Trends Webinar Recorded: Mar 19 2013 63 mins
    Listen Up. Lock Down.

    •The average time from breach to detection is 210 days.
    •Mobile malware samples increased by 400%.
    •E-commerce applications account for 48% of breach investigations.

    Do you want the inside track on the threats you’ll be facing this year? Then sign up for this expert webcast covering the highlights of the 2013 Trustwave Global Security Report.

    Hosted by Trustwave SpiderLabs elite research and threat intelligence team, what you see and hear in this session will help prepare your business and your teams for what’s ahead in 2013 and beyond.
  • 2013 Trustwave Global Security Report: Threat Trends Webinar Recorded: Mar 19 2013 55 mins
    Listen Up. Lock Down.

    •The average time from breach to detection is 210 days.
    •Mobile malware samples increased by 400%.
    •E-commerce applications account for 48% of breach investigations.

    Do you want the inside track on the threats you’ll be facing this year? Then sign up for this expert webcast covering the highlights of the 2013 Trustwave Global Security Report.

    Hosted by Trustwave SpiderLabs elite research and threat intelligence team, what you see and hear in this session will help prepare your business and your teams for what’s ahead in 2013 and beyond.
  • Emerging Threats: Trends in Malware Design - Research from Trustwave SpiderLabs Recorded: Dec 6 2012 46 mins
    Malware comes in all shapes and sizes. Some malware is mass-distributed while other malicious software is purpose-built to target specific data or businesses.

    And malware developers are continually “improving” their product - through propagation complexity, control channels, anti-forensic techniques and data exporting properties.

    Presented by John Miller, research manager for Trustwave SpiderLabs, this talk covers the evolution of malware as it adapts to today’s computing environments. Learn about:

    •How attackers are adapting malware
    •Common and targeted malware trends
    •Key methods to prevent attacks

    You’ll gain detailed insight into today’s leading malware research and information on how to build a better overall security posture.
  • The Honeymoon’s Over: Living with Your Application Pen Test Results Recorded: Nov 15 2012 52 mins
    Like everyone else, you know that application penetration tests are a critical part of any reasonable security program. So you set up a bake-off and find a qualified security company to test your applications. Things are going well and you start to see results show up in the reporting portal (or, if it’s still 2005, you get PDF reports).

    But identifying vulnerabilities is only half the battle. Once you know where your problems are, what do you do next? Schedule fixes for the next code deployment? Create virtual patches? What about long-term solutions?

    Find out what you can expect from an application penetration test, and what to do with the results in this hour-long session led by Trustwave SpiderLabs experts Charles Henderson, Director of Application Security Services, and Ryan Barnett, Lead Security Researcher.

    You’ll gain insight into:
    •Common and serious vulnerabilities uncovered by testing
    •Immediate tactical responses to remediation
    •Long-term strategic initiatives to improve application security

    You’ll walk away with actionable information on how to take full advantage of an application penetration test to strengthen application security throughout your organization.
  • Application Hackers Have a Handbook. Why Shouldn’t You? Recorded: Sep 12 2012 60 mins
    Your Web applications are at the heart of your business – they hold your intellectual property, drive your sales, and keep the trust of your customers. But here’s the problem – they’re fast becoming the preferred attack vector of hackers.

    In this upcoming webinar, you’ll get expert coaching and actionable advice that will help you protect your applications -- from design to production.

    Our presenters will cover:
    •A real-world view of the application lifecycle with expert guidance at each stage - Presented by Chenxi Wang, PhD, VP and Principal Analyst, Forrester Research
    •How a global leader in e-commerce built an actionable strategy for trusted applications - Presented by Wyman Lewis, MBA, CISSP, Information Security Director, GSI Commerce, an eBay Company
    •How a solution provider’s 360° approach helps secure thousands of mission critical apps - Presented by Marc Shinbrood, VP, WAF Business Unit, Trustwave

    You’ll walk away with actionable information that you can deploy immediately, to strengthen the security of your critical applications. You’ll also be armed with expert knowledge and peer advice that will guide your longer-term strategies around full lifecycle application design, testing, planning and production.
Smart security on demand
Trustwave is the leading provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations throughout the world. Trustwave has helped thousands of organizations — ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers—manage compliance and secure their network infrastructure, data communications and critical information assets.
  • Title: Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests
  • Live at: May 22 2012 4:00 pm
  • Presented by: Rob Havelt, Director of Penetration Testing at Trustwave SpiderLabs