Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests

Rob Havelt, Director of Penetration Testing at Trustwave SpiderLabs
True Stories of Real Pen Tests - Featuring demos of complex hacks and how business systems can be used against an organization.

Earth vs. the Giant Spider: Amazingly True Stories of Real Pen-Tests brings the audience the most massive collection of weird, downright freaky, and altogether unlikely hacks ever seen in the wild. Through stories and demonstrations, we will take the audience into a bizarre world where odd business logic flaws get you almost free food (including home shipping), sourcing traffic from port 0 allows ownership of the finances of a nation, and security systems are used to hack organizations.

This talk will focus on:
• Complex hacks found in real environments
• Showing effective attacks not found with automated methods
• Types of victim organizations and data accessed

By the end of this presentation we hope to have the audience thinking differently about systems and applications that organizations use every day, and how they may be used against them.
May 22 2012
58 mins
More from this community:

Collaboration and UC

  • Dangers to Web App Security: 4 Ways to Control Complexity and Cost Aug 5 2015 3:00 pm UTC 60 mins
    Victor Bonic, Global Security Architect, and Thomas Savage, Product Marketing Manager
    Web application security is threatened not just by hackers but also by the complexity (and related cost) of keeping up with security challenges. Due to the ever-increasing strategic and financial importance of e-commerce and other web services, web application security is of paramount importance for nearly every organization. The difficulties of web application security are compounded by the growing complexity of web applications, the nearly constant changes in site content and the increasing sophistication of web application attacks. Add in migration to cloud-based and hosted environments and the cost of application security can start to become unmanageable.

    Join this webinar as Trustwave discusses 4 approaches to reduce cost and complexity. Trustwave has helped hundreds of organizations adopt these approaches and secure their web applications with a solution offering advanced capabilities (continuous learning mode, bi-directional analysis, etc.), flexible architecture, and multiple delivery options to simplify your operations.
  • The Internet of Things revolution-what lurks in the shadows? Recorded: Jul 22 2015 43 mins
    Sam Bakken, Product Marketing Manager at Trustwave
    Beyond the novelty, the Internet of Things (IoT) will improve our standard of living and revolutionize industry—but at what cost to security and privacy?

    In an ideal world, manufacturers and providers of IoT products and services take responsibility for protecting their users. But, at present, businesses adopting the technology and consumers inviting it into their homes need to take precautions.

    Join us for a primer on deploying IoT technology safely in your home or business and discover:

    • How the IoT will transform business
    • Risks in both consumer and business/industrial use cases
    • Five crucial security and privacy considerations.
  • How to Win at SIEM: 6 Strategies to Successfully Contain Breaches Recorded: Jul 8 2015 56 mins
    Thomas Savage, product marketing manager at Trustwave and Andy Millican, senior product manager at Trustwave
    Holding off on getting a SIEM, or frustrated with the one you’ve got?

    Security information and event management (SIEM) solutions have been deployed for over a decade but the vision offered by vendors and analysts is rarely realized by customers. Roughly one-third of new SIEM sales today are replacements for “failed” SIEM deployments. Listen in as our experts highlight the major challenges to selecting, deploying and more importantly, operating a SIEM. Then the conversation will shift to focus on six strategies to augment your resources using Trustwave managed services so that you can realize the full vision of a SIEM solution.

    Join this informative webinar where you will learn how to:

    • Fund, deploy and operate a SIEM that sets you up for success
    • Optimize automatic log collection and threat correlation
    • Efficiently identify, stop, and resolve breaches.
  • PCI 101: Getting Started with Trustwave TrustKeeper PCI Manager Recorded: Jun 18 2015 49 mins
    James Zou, Trustwave Systems Engineer
    The Payment Card Industry Data Security Standards (PCI DSS) were created to help prevent credit card fraud. Any business that processes, stores or transmits payment card data must be PCI DSS compliant.

    This live demo will walk you through the basics of getting started with the Trustwave TrustKeeper PCI Manager and help you better understand the PCI DSS and the necessary steps to secure your business.
  • The State of Cybercrime: Breaking down the 2015 Trustwave Global Security Report Recorded: Jun 11 2015 62 mins
    John Yeo, VP of Trustwave SpiderLabs and Karl Sigler, Threat Intelligence Manager at Trustwave SpiderLabs
    Are you ready for a front-row seat to the cybercrime battleground? The 2015 Trustwave Global Security Report (GSR) has just been released and presents an open window into the skilled and frenetic attack landscape. Join this webinar as we highlight our major findings and offer you a chance to:

    • Get a condensed overview of the history of the GSR
    • Hear about our 2014 investigations while we discuss some of the insight gleaned from our threat intelligence and research
    • Get a bird’s eye view of aggregated data from our network and application penetration testing in 2014.
  • The State of Cybercrime: Breaking down the 2015 Trustwave Global Security Report Recorded: Jun 11 2015 57 mins
    John Yeo, VP of Trustwave SpiderLabs and Lawrence Munro, Director of SpiderLabs EMEA at Trustwave
    Are you ready for a front-row seat to the cybercrime battleground? The 2015 Trustwave Global Security Report (GSR) has just been released and presents an open window into the skilled and frenetic attack landscape. Join this webinar as we highlight our major findings and offer you a chance to:

    • Get a condensed overview of the history of the GSR
    • Hear about our 2014 investigations while we discuss some of the insight gleaned from our threat intelligence and research
    • Get a bird’s eye view of aggregated data from our network and application penetration testing in 2014.
  • 7 Strategies to Cover Expanding IT Threats - Despite a Limited Staff Recorded: May 27 2015 62 mins
    Chris Harget, senior product marketing manager at Trustwave
    Increasing data and network complexity give hackers more to steal and more ways to steal it. Most organizations cannot hire enough skilled IT security personnel to keep up.

    Join us for this informative and timely webinar, in which our experts will offer you seven golden strategies to mitigate IT risk and help you:

    • Reduce the greatest risks first
    • Stretch your team for optimal results
    • Creatively augment budget, skills and headcount.
  • Application security threats Recorded: May 7 2015 61 mins
    Oliver Pinson-Roxburgh, EMEA Systems Engineering Manager at Trustwave and Tanya Secker, Managing Consultant, SpiderLabs
    Today's fastest-growing risk category is web application vulnerabilities.

    Join this live web event to better understand some of the common misconceptions around application security and hear some war stories from the field that demonstrate today's application security weaknesses.

    The presentation will take a look at:
    • How hackers are evolving to attack your applications
    • The most common application vulnerabilities
    • Remediation actions you can take to help limit your attack surface area
    • Considerations for designing security into your application.
  • How to stop malware the first time. 5 strategies that work. Recorded: Apr 16 2015 61 mins
    Stephen Brunetto, director of product management at Trustwave and Chris Harget, senior product marketing manager at Trustwave
    Targeted malware, zero-day vulnerabilities and advanced persistent threats are increasingly responsible for data breaches. Why? Because they work. Most security products have a hard time protecting from advanced malware. This problem is compounded because attackers can easily mass produce new malware variants. What’s an IT person to do?

    Join us to learn key techniques to stop modern malware the first time. We will discuss:
    • What tactics work
    • Where to apply them
    • How to optimize cost, staffing and security.
  • PCI 101: Getting Started with the Payment Card Industry Data Security Standard Recorded: Mar 18 2015 59 mins
    Greg Rosenberg, QSA, CISA Trustwave Security Engineer
    The Payment Card Industry Data Security Standard (PCI DSS) was created to help prevent credit card fraud. Any business that processes, stores or transmits payment card data must be PCI DSS compliant.

    This webcast will help you understand the basics of PCI, the steps to become compliant, and how compliance can help you protect your business against a security breach.
  • Ask an Analyst: Evolving your security strategy to overcome business challenges Recorded: Mar 4 2015 61 mins
    Ed Ferrara, Forrester Analyst; Dan Kaplan, Trustwave Editor
    Organizations are having to cover more ground than ever when it comes to security. Yet businesses often lack the in-house skills and resources, so security leaders are turning to MSSPs to help bear the burden to ensure every area of risk is adequately attended to.

    Join us for an interactive discussion with guest speaker, Forrester Research VP and Principal Analyst, Ed Ferrara, to learn how MSS is changing the conversation for businesses to achieve security goals. Help drive the conversation by submitting a question for Ed in advance so we can tackle your biggest security concerns such as:

    • Overcoming the skills shortage
    • Where to focus the budget – spending trends across industries
    • The value of security – pitching it as an investment not a cost to business leaders
    • Improving business outcomes – leveraging MSSPs as a tactical arm to optimize IT security, efficiency and value
  • Database Security Threats: Risks to Your Data Recorded: Feb 26 2015 55 mins
    Oliver Pinson-Roxburgh, EMEA Systems Engineering Manager at Trustwave
    Today, businesses leverage confidential and mission critical data that is often stored in traditional, relational databases or more modern, big data platforms. Understanding the key threats to database security and how attackers use vulnerabilities to gain access to your sensitive information is critical to deterring a database attack.

    Join this webinar to learn about the latest threats and how to remediate them.
  • Future proof yourself with SpiderLabs forensic key indicators Recorded: Nov 27 2014 63 mins
    Oliver Pinson-Roxburgh, EMEA Systems Engineering Manager at Trustwave and Solomon Bhala, Senior Consultant at SpiderLabs
    During this event we will look back at Trustwave SpiderLabs forensic cases in order to identify trends that will help you prepare for the future.

    You will also get an inside view of how hackers have ransacked customer networks, giving you insight on how to protect your business from future attacks.

    During this webinar, we will discuss:
    • How to get into the mindset of the attacker
    • How to identify weak points in your network based on real cases
    • Lessons learned from the mistakes of others to get better at detecting compromise
    • How to limit your exposure in the future.
  • PCI 3.0 Is knocking on your door - are you ready? Recorded: Oct 16 2014 53 mins
    Mark Belgrove, Managing Consultant at Trustwave
    With the PCI DSS version 3.0 implementation deadline around the corner, organisations should be thinking about ways to prepare for the new requirements. With an evolving threat landscape, targeted attacks on sensitive data like yours and new technology platforms, it may seem overwhelming to think about protecting your business.

    During this webinar, we’ll discuss:

    • Why PCI is so important in protecting your customers’ sensitive data and your business

    • How to secure your business and prepare for PCI 3.0

    • Tactics that will ensure compliance and security are always top-of-mind for you and your employees
  • Trustwave on Shellshock: What You Need to Know Recorded: Oct 1 2014 70 mins
    Karl Sigler, Threat Intelligence Manager, Trustwave
    Shellshock has made waves through the security community by earning a maximum CVSS score of 10 for overall criticality. As a security practitioner it is important for you to know what Shellshock is, how it works and how to protect your organization from being exploited by it. This Wednesday, October 1st Trustwave will host a webinar featuring Karl Sigler, Threat Intelligence Manager at Trustwave to get you the information you need to mitigate this new vulnerability. During this webinar, Karl Sigler will:

    · Communicate what the Shellshock vulnerability is and how it works
    · Identify the potential impact of Shellshock to your organization
    · Discuss how to detect if your systems are vulnerable to Shellshock
    · Explain best practices for securing your organization from Shellshock and other vulnerabilities
    · Answer your questions regarding this topic
  • Breaking Down the 2014 Trustwave Global Security Report Recorded: Sep 25 2014 56 mins
    John Yeo, Global Director at Trustwave SpiderLabs
    You’re invited to this live webcast where you’ll hear unique insights from the 2014 Trustwave Global Security Report – the data is as compelling as ever.

    This webcast will help you connect the insight and actionable advice to your organization’s data security challenges. Amid the key data points, you’ll hear the story behind the average breach and the state of the industry:

    • The volume is getting loud: cybercriminals continue to find new ways to steal data – and new types of data to steal
    • Passwords still plague businesses of all types: we’ll show you how and why
    • Self-detection shortens the time to detecting breaches, but self-detection isn't easy; find out why
  • PCI 3.0 is Knocking on Your Door: Are you Ready? Presented by Trustwave and ETA Recorded: Sep 23 2014 60 mins
    Greg Rosenberg, QSA, CISA Trustwave Security Engineer
    With the PCI DSS version 3.0 implementation deadline around the corner, organizations should be thinking about ways to prepare for the new requirements. With an evolving threat landscape, targeted attacks on sensitive data like yours and new technology platforms, it may seem overwhelming to think about protecting your business.

    During this webinar, we’ll discuss:
    • Why PCI is so important in protecting your customers’ sensitive data and your business
    • How to secure your business and prepare for PCI 3.0
    • Tactics that will ensure compliance and security are always top-of-mind for you and your employees
  • The cost Implications of POPI aligned to Security Technologies Recorded: Sep 18 2014 63 mins
    Oliver Pinson-Roxburgh, EMEA Systems Engineering Manager, Trustwave
    In this webinar we will review the technical challenges that arise from the POPI bill and synergies with other standards in order to help align your approach to support compliance. We will take a look at the technologies that help meet compliance with the bill and their impact on organisations as well as how we can learn from other standards when building a technology roadmap to achieve compliance with POPI.
  • Malware Symposium: How to Defeat the Modern Cyber Enemy Recorded: Sep 17 2014 62 mins
    Michael Osterman, Osterman Research Analyst; Dan Kaplan, Trustwave Editor; Steve Brunetto, Trustwave Product Director
    In conjunction with Osterman Research, Trustwave will present a live panel discussion on the challenges of modern malware and how to effectively combat it.

    Trustwave editor Dan Kaplan will facilitate this discussion with Analyst Michael Osterman of Osterman Research, and Steve Brunetto, Director of Anti-Malware Product Management for Trustwave. This deep-dive session will investigate techniques modern malware uses to evade even “zero-day” detection methods, debunk misconceptions, and discuss what the next generation of malware prevention looks like.

    Following the discussion, audience members will be able to ask the panelists questions. Please join us for this interview-format webcast.
  • Recent Threat Discoveries Recorded: Sep 11 2014 63 mins
    Ziv Mador, VP of Security Research and Andy Crail, Senior Security Engineer
    Recent Threat Discoveries: New Point of Sale Malware and Insights about Exploit Kits and Weak Passwords

    In this presentation we will discuss:

    * Backoff, a new family of Point of Sale Malware

    * Magnitude, an Exploit Kit that became prevalent after the arrest of “Paunch”, the creator of Blackhole

    * And a recent study that shows that 54% of passwords can be cracked in minutes

    Join Ziv Mador, VP of Security Research and Andy Crail, Senior Security Engineer as they walk through some of the latest finds and intel coming from the elite hacking and research team within Trustwave, SpiderLabs.
Smart security on demand
Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than 2.7 million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective data protection, risk management and threat intelligence. Trustwave is a privately held company, headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit www.trustwave.com.

  • Title: Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests
  • Live at: May 22 2012 4:00 pm
  • Presented by: Rob Havelt, Director of Penetration Testing at Trustwave SpiderLabs