lecture: Lessons learned while Pentesting Travel Industry

What worked, what didn't!


As the current CEO of Enigmasec, a cybersecurity firm in Spain, my tiger team and I have engaged in many pentests in all sorts of fields, especially in the travel industry. The talk will show what worked, what didn't, and, in conclusion, what will eventually work.

The talk will hopefully be useful in the following scenarios:

- People/students with little real-life field experience in pentesting
- Sysadmins who wish to fix the broken things we still exploit
- Travel industry, media, general awareness.

The talk will be presented in a friendly, casual way, first from a Red team perspective: real stories, our successes and failures, as well as some of the tricks we use to run efficient phishing campaigns and social engineering.

The next perspective will be the Blue team's, as incident response in some of the cases: dirty tricks we saw in "CEO-phishing targeted campaigns", what we got right, and some lessons learned.

The end of the talk is my own personal bet on how the use of the adversarial narrative is the new model for disinformation and how this can magnify potential mass-targeted attacks on bigger organizations.


Day: 2019-09-13
Start time: 15:30
Duration: 00:30
Room: Pupin

