Focus on Virus
Replicating the Gonzalez Cyber Attacks through Penetration Testing Nov 21 2009 12:07AM
Core Security (sfa securityfocus com)

"Replicating the Gonzalez Cyber Attacks through Penetration Testing"

Recently, we saw the indictment of cybercrime kingpin Albert Gonzalez, one of the accused masterminds behind high-profile data breaches at Heartland Payment Systems, Hannaford Bros. Supermarkets, 7-Eleven, and TJX. Next week, Core Security Technologies will present a hands-on look at the attacks Gonzalez and his co-conspirators are believed to have used in breaching these organizations.

Leveraging the actual indictment document as a guide, Core Security senior product manager Alex Horan will use CORE IMPACT Pro penetration testing software to demonstrate the techniques by which Gonzales allegedly stole millions of credit card numbers* - showing you how to identify IT exposures in your own environment before cybercriminals do.

> Register here:

During the webcast, you'll see a step-by-step depiction of an attack similar to that described in the Gonzalez indictment, including the following critical stages:

* the initial web application compromise via SQL Injection
* the use of a well-known backend database command to make the attacks even
* more invasive
* the planting of malware on the backend database server
* the collection and transmission of credit card transactions to the
* attackers

Through the demonstration, you'll also learn how commercial-grade penetration testing software enables you to see your IT systems as an attacker would -- not only by determining if the kinds of issues that Gonzalez reportedly leveraged are present in your environment, but also by ...

* assessing how deployed defenses react to specific threats
* revealing what systems and data would be exposed by a breach
* depicting how chains of vulnerabilities open paths to mission-critical
* systems and information
* providing actionable data for immediately mitigating critical exposures
* repeating tests to ensure the effectiveness of remediation efforts

This webcast is ideal for anyone interested in proactively assessing their security posture against real-world cyber threats.

> Register here:

This list is sponsored by: Black Hat

Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier
technical event for ICT security experts. Featuring 30 hands-on training
courses and 90 Briefings presentations with lots of new content and new
tools. Network with 4,000 delegates from 70 nations. Visit product
displays by 30 top sponsors in a relaxed setting.

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus