Attack Tactics: Part 1
16.7 هزار بار بازدید -
6 سال پیش
-
Join us in the Black
Join us in the Black Hills InfoSec Discord server here: Discord: discord to keep the security conversation going!
Learn active defense cyber deception with John Strand from Antisyphon Training: https://www.antisyphontraining.com/ac...
00:00 - Preshow Announcements
02:14 - Overview
03:40 - Recon-ng and open source recon; Office 365 redirect
10:14 - Compromised credentials; Addition Recon Findings
17:50 - First Exploit Attempt; Next attempt/default creds
26:00 - Password Spray; OWA Access; Pulling down the Global Address List
33:30 - VPN instructions
35:18 - Mailsniper; VPN Access; Domain Recon; Kerberoasting
41:00 - GPP; Secondary C2
45:00 - Password Hashes; Crack Passwords; Search and Plunder
53:00 - Concluding Statements
Description: John is starting a new series of webcasts called Attack Tactics. This first part is a step-by-step walk-through of an attack BHIS launched against a customer, with just a few obfuscating tweaks. He covers the tools, how we used them and any other tricks we had to pull out for the attack.
The second will be co-hosted by our sister company Active Countermeasures and will go through the defensive side. Stay tuned for more details about that!
Slides available here: https://blackhillsinformationsecurity...
Black Hills Infosec Socials
Twitter: Twitter: BHinfoSecurity
Mastodon: https://infosec.exchange/@blackhillsi...
LinkedIn: LinkedIn: antisyphon-training
Discord: Discord: discord
Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.mysh...
Black Hills Infosec Services
Active SOC: https://www.blackhillsinfosec.com/ser...
Penetration Testing: https://www.blackhillsinfosec.com/ser...
Incident Response: https://www.blackhillsinfosec.com/ser...
Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: https://www.backdoorsandbreaches.com/
Play B&B Online: https://play.backdoorsandbreaches.com/
Antisyphon Training
Pay What You Can: https://www.antisyphontraining.com/pa...
Live Training: https://www.antisyphontraining.com/co...
On Demand Training: https://www.antisyphontraining.com/on...
Educational Infosec Content
Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest YouTube: wildwesthackinfest
Active Countermeasures YouTube: activecountermeasures
Antisyphon Training YouTube: antisyphontraining
Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/
#bhis #infosec
Learn active defense cyber deception with John Strand from Antisyphon Training: https://www.antisyphontraining.com/ac...
00:00 - Preshow Announcements
02:14 - Overview
03:40 - Recon-ng and open source recon; Office 365 redirect
10:14 - Compromised credentials; Addition Recon Findings
17:50 - First Exploit Attempt; Next attempt/default creds
26:00 - Password Spray; OWA Access; Pulling down the Global Address List
33:30 - VPN instructions
35:18 - Mailsniper; VPN Access; Domain Recon; Kerberoasting
41:00 - GPP; Secondary C2
45:00 - Password Hashes; Crack Passwords; Search and Plunder
53:00 - Concluding Statements
Description: John is starting a new series of webcasts called Attack Tactics. This first part is a step-by-step walk-through of an attack BHIS launched against a customer, with just a few obfuscating tweaks. He covers the tools, how we used them and any other tricks we had to pull out for the attack.
The second will be co-hosted by our sister company Active Countermeasures and will go through the defensive side. Stay tuned for more details about that!
Slides available here: https://blackhillsinformationsecurity...
Black Hills Infosec Socials
Twitter: Twitter: BHinfoSecurity
Mastodon: https://infosec.exchange/@blackhillsi...
LinkedIn: LinkedIn: antisyphon-training
Discord: Discord: discord
Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.mysh...
Black Hills Infosec Services
Active SOC: https://www.blackhillsinfosec.com/ser...
Penetration Testing: https://www.blackhillsinfosec.com/ser...
Incident Response: https://www.blackhillsinfosec.com/ser...
Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: https://www.backdoorsandbreaches.com/
Play B&B Online: https://play.backdoorsandbreaches.com/
Antisyphon Training
Pay What You Can: https://www.antisyphontraining.com/pa...
Live Training: https://www.antisyphontraining.com/co...
On Demand Training: https://www.antisyphontraining.com/on...
Educational Infosec Content
Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest YouTube: wildwesthackinfest
Active Countermeasures YouTube: activecountermeasures
Antisyphon Training YouTube: antisyphontraining
Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/
#bhis #infosec
6 سال پیش
در تاریخ 1397/03/14 منتشر شده
است.
16,727
بـار بازدید شده