Attack Tactics: Part 1

Join us in the Black Hills InfoSec Discord server here: https://discord.gg/BHIS to keep the security conversation going! Learn active defense cyber deception with John Strand from Antisyphon Training: https://www.antisyphontraining.com/active-defense-cyber-deception-w-john-strand/ 00:00 - Preshow Announcements 02:14 - Overview 03:40 - Recon-ng and open source recon; Office 365 redirect 10:14 - Compromised credentials; Addition Recon Findings 17:50 - First Exploit Attempt; Next attempt/default creds 26:00 - Password Spray; OWA Access; Pulling down the Global Address List 33:30 - VPN instructions 35:18 - Mailsniper; VPN Access; Domain Recon; Kerberoasting 41:00 - GPP; Secondary C2 45:00 - Password Hashes; Crack Passwords; Search and Plunder 53:00 - Concluding Statements Description: John is starting a new series of webcasts called Attack Tactics. This first part  is a step-by-step walk-through of an attack BHIS launched against a customer, with just a few obfuscating tweaks. He covers the tools, how we used them and any other tricks we had to pull out for the attack. The second will be co-hosted by our sister company Active Countermeasures and will go through the defensive side. Stay tuned for more details about that! Slides available here: https://blackhillsinformationsecurity.shootproof.com/gallery/6843799 Black Hills Infosec Socials Twitter: https://twitter.com/BHinfoSecurity Mastodon: https://infosec.exchange/@blackhillsinfosec LinkedIn: https://www.linkedin.com/company/antisyphon-training Discord: https://discord.gg/ffzdt3WUDe Black Hills Infosec Shirts & Hoodies https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections Black Hills Infosec Services Active SOC: https://www.blackhillsinfosec.com/services/active-soc/ Penetration Testing: https://www.blackhillsinfosec.com/services/ Incident Response: https://www.blackhillsinfosec.com/services/incident-response/ Backdoors & Breaches - Incident Response Card Game Backdoors & Breaches: https://www.backdoorsandbreaches.com/ Play B&B Online: https://play.backdoorsandbreaches.com/ Antisyphon Training Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/ Live Training: https://www.antisyphontraining.com/course-catalog/ On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/ Educational Infosec Content Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/ Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest Active Countermeasures YouTube: https://youtube.com/activecountermeasures Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/ #bhis #infosec