PyCon Sweden 2024

The Art of Breaking and Entering
2024-11-15, Auditorium

A Year in the Life of a Penetration Tester


In the world of penetration testing, success is as much about creativity and intuition as it is about technical prowess. Over the past year, I’ve had the opportunity to dive deep into a range of systems, from enterprise networks to cloud environments, uncovering vulnerabilities that might seem invisible at first glance. This talk will take you behind the scenes of my journey as a penetration tester, blending the science of structured exploitation with the art of thinking outside the box.
This talk will highlight a finding from the past year involving a long attack chain in a financial system, starting with a minor misconfiguration in a GitHub Action. This small flaw allowed privilege escalation, lateral movement, and eventually full backend access, showcasing how seemingly minor vulnerabilities can unravel an entire system.

Jesper Larsson is a freelance IT security researcher and penetration tester focused on cloud and infrastructure security. Jesper is a member of the renowned penetration testing firm Cure53, where he works for multinational clients spanning several fields, helping companies and foundations implement secure infrastructures worldwide. Jesper has also appeared in the movie industry, participating as one of the hackers in the SVT production "_Hackad". Furthermore, he is one of the co-founders and organizers of SecurityFest, a technical IT-Security conference on the Swedish west coast, and Säkerhetspodcasten, Sweden's first IT-Security-focused podcast.