Please NOTE This will be a REMOTE meeting ONLY.

Topic & Speaker

Breaching a Network With Risk-Accepted Vulnerabilities

Robert Neel

Founder & CEO of PEN Consultants

Offensive Security Testing

Synopsis

BLUF: A hacking demonstration.

A step-by-step walkthrough of a series of common, low severity, often risk-accepted vulnerabilities in corporate networks and how we string them together into an attack - going from knowing nothing to having remote access into the network and then finding and exporting the most sensitive of data. The presentation will demonstrate the ease of discovery and exploitation, without the need for social engineering or anything sophisticated.

Each step of the attack chain will be demonstrated from the attacker’s side, and recommendations provided that can help mitigate and detect the activity. Most organizations are vulnerable to this attack.

Attack techniques will include: Recon, User Enumeration, Password Spraying, MFA bypasses, Privilege Escalation, Lateral Movement, Finding and Collecting Sensitive Data, Defeating DLP, Exfil, and more.

Biography

Robert Neel has over 25 years of experience in cybersecurity, including 7 years in the government sector and 18+ years in the private sector. Job roles have included:

• System and network administrator for a church while in college and later a school district in the DFW area
• Computer hardware engineer on a SBIRS satellite string at Lockheed Martin - “Star Wars” / SDI / STSS - tracking heat signatures, such as rockets and missiles, to give early warning of an attack, as well as global surveillance for what is now part of Space Force
• Nation-state hacker at the National Security Agency (NSA) - Global Network Exploitation Vulnerability Analyst (GNEVA) - looking for vulnerabilities in nation-state adversary devices and software (computer systems, software, phones, network gear, etc.), then writing proof-of-concept exploits, that eventually military operators used to gain access for surveillance and intelligence gathering purpose in support of the warfighter
• Red team lead at USAA - a bank for members of the military and their families - started and led their red team, playing the role of an adversary for 5 years, constantly hacking into the bank, and then telling them how to mitigate it
• Founder and CEO, PEN Consultants - Offensive Security Services (information and cybersecurity testing)

Meeting Agenda

• Chapter Business - 12:00 - 12:15
• Chapter Business - 12:15 - 1:00
• Q&A and Networking - 1:00 - 1:30

Continuing Professional Education (CPE) Credit

The membership chairperson will submit one or more CPEs for this event for ISC2 members. Please bring your ISC2 membership number to the meeting. Attendees will also receive an attendance receipt via email from the Chapter's Board members to support continuing education requirements.