The current model for penetration testing is broken. The typical scan and exploit model don’t reflect how real attackers operate after establishing a foothold.
At the same time, most organizations aren’t mature enough to need a proper red team assessment. It’s time to start adopting the assumed breach model.
In this talk, I’ll discuss techniques for assumed breach assessments that provide a better model for emulating the techniques attackers use once they’re they’ve established a foothold inside a typical network.