Libertyunix

Presented Research

Last updated 5 years ago

BSIDES Philly 2016 - Where Do I Start?

With breaches dominating the headlines, businesses are quickly starting to realize the critical nature of information security. What makes information security so difficult to manage is the fact that an organization can invest endless amounts of money into the 101 solutions that exist and still be pwned with a single email. At the end of the day, organizations don’t understand InfoSec and how to properly train employees. Security awareness training is one of three things for most organizations:

  • Stale PowerPoints that teach employees nothing about information security

  • A checkbox on an audit form

  • Something they have never heard of

My current position has landed me various interactions with businesses that are outside the traditional “audit” spectrum of InfoSec. Simply put, for the past 10 years organizations have only incorporated some level of InfoSec into the business because they “had to.” The times have changed, as organizations are starting to adopt security because they “need to/want to.” The problem being: “Where do I start?” Pulling from past experience as a physical security engineer and penetration tester, this talk will discuss various concepts of SE, how organizations can improve their security by properly training employees, and how I am currently trying to bring security to organizations via their culture instead of one two-hour talk employees only hear once a year, if at all.

BSIDES Philly 2017 & WOPR SUMMIT - Introduction to IoT Penetration Testing

IoT devices are one of the biggest challenges for security professionals now and will continue to be in the future. The security of these devices is critical as more of these insecure devices come to market. As professionals, we need to have an idea of how these devices affect our organization. In this talk we will explore the basic principles of IoT PenTesting, how to build an effective toolset, reverse engineering, and analyzing wireless signals with SDR.

BSIDES Delaware & PumpCon - Exploiting IoT - An Introduction to BLE

BLE is one of the most common wireless protocols used in IoT devices today. This talk will follow the BLE protocol and apply a 4-phase approach to assessing the security of these devices: Reconnaissance, Sniffing and Capturing, Extracting Sensitive Data, and Exploitation. This talk will demo exploits of IoT devices and walk attendees through the tools and processes for testing similar devices and creating their own CTF to practice on.

Where do I start? - Charles Sgrillo II BSides Philadelphia 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)
IoT devices are one of the biggest challenges - Charles @libertyunix Sgrillo BSides Philadelphia 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)