OrangeCon

Be lazy like a cat, making pentesting fun again
2024-09-05 , Workshop track 2

Effective pentesting is labor-intensive, especially when it comes to validation and reporting. Standardization can help, but it may also inadvertently increase the workload. In this workshop, you will receive practical tools and strategies to reduce the workload by making standardization a part of the solution.

Join us and discover how to streamline your pentesting processes, enhance efficiency, and achieve superior results without the added stress.


Join us for an engaging workshop designed for security enthusiasts eager to improve their vulnerability assessment and reporting skills.

In this session, you'll learn how to accurately describe vulnerabilities, detail reproduction steps, assess impact, and provide effective remediation advice. We'll introduce an advanced methodology that significantly reduces the time required for these tasks.

Participants will gain access to specialized templates that streamline the vulnerability reporting process, making it more efficient and less time-consuming. After a brief explanation of the methodology, you will have the opportunity to apply the templates in practical exercises, gaining firsthand experience and enhancing your cybersecurity skills.

This workshop is perfect for anyone passionate about security, looking to enhance their technical skills, and seeking efficient methods for vulnerability assessment and reporting.

Brenno de Winter has been involved in security since his early years. For 15 years he was a renowned Dutch investigative journalist. Born on December 6, 1971, in Ede, Netherlands, de Winter has made significant contributions to the field of information security and privacy. He is best known for his work in uncovering vulnerabilities in public and private sector IT systems, often bringing to light the importance of cybersecurity.

De Winter started his career as a programmer, but had several roles. In 2001 he became a journalist and quickly gained a reputation for his thorough investigative techniques and commitment to transparency and public accountability. His notable works include exposing security flaws in the Dutch public transport chip card (OV-chipkaart) and various governmental IT systems, which prompted widespread public discourse and policy changes.

In addition to his journalism, de Winter is a sought-after speaker and educator on topics related to cybersecurity, privacy, and digital rights. He has authored several articles and books, sharing his extensive knowledge and advocating for stronger security measures and better data protection practices.

Throughout his career, Brenno de Winter has received numerous accolades for his contributions to the field, cementing his status as a leading figure in cybersecurity and investigative journalism in the Netherlands and beyond.

He is the 'catfather' of the OpenKAT-project and currently leads the effort of standardizing penetration testing.

This speaker also appears in:

I am a security researcher, speaker and entrepreneur. Do you rely upon your own IT network, applications or website(s) and are you unsure about its technical security status? As a specialist in information security, I will help you to regain control over your IT environment and infrastructure, investigate what is going on and solve it! 24 Hours a day, 7 days a week.

In my spare time, I report security vulnerabilities to organizations in an effort to make the digital landscape safer. I also take care of workshops, presentations and lectures on the dangers of the Internet for more and better awareness within organizations.

I am frequently asked by the media to explain the dangers of the digital landscape. In 2017 I was featured in the New Revu, explaining the new dangers for organizations, such as Ransomware, Internet-of-Things and other digital threats.

I am currently focusing on these subjects:
- Implementing CIS, performing CIS Benchmarks
- Implementing and endorsing open security standards (OWASP WSTG, OWASP MSTG, PTES, Norea DigiD, CVSSv3.1)
- Penetration testing
- Incident Response (IR)
- Root-cause analysis & Failure mode and effects analysis (FMEA)
- Threat Hunting
- Threat Intelligence
- Automated Intelligence Gathering
- Open-Source Intelligence (OSINT)