Attack Tactics: Part 2
Join us in the Black Hills InfoSec Discord server here: https://discord.gg/BHIS to keep the security conversation going!

Learn active defense cyber deception with John Strand from Antisyphon Training: https://www.antisyphontraining.com/active-defense-cyber-deception-w-john-strand/

00:00 - Preshow Announcements
03:00 - Overview
04:51 - Defense against recon
10:56 - Other recon findings
11:11 - First and second attempts; Defense
22:30 - John Strand Snowball of Pain
25:23 - Password Spray
34:45 - OWA Access; Defense
36:55 - OWA Access and Pull down the Global Address List; Looking for VPN Instructions; Defense
45:24 - Mailsniper Searching/Defense; VPN Access Defense; Honeybadger
49:57 - Defense against Domain Recon/SIM; Kerberoasting/GPP and Defense
53:54 - Using Creds and Moving Laterally/Defense
57:16 - Secondary C2 Defense
58:30 - Tips

Description: This is the second part of John's series about Attack Tactics. In the first part we discussed how we'd attack. Now we cover the same attack, but this time we focus on the defensive components the organization could have implemented to stop us every step of the way.

"We cover event logs, new vendors, SIEM, UBEA and yes... I hate to say it... Cyber Kill Chain. Remember, the goal is to make your next pentester cry; to make hackers give up and most importantly to have puppies and kittens everywhere love you."
- John

Black Hills Infosec Socials
Twitter: https://twitter.com/BHinfoSecurity
Mastodon: https://infosec.exchange/@blackhillsinfosec
LinkedIn: https://www.linkedin.com/company/antisyphon-training
Discord: https://discord.gg/ffzdt3WUDe

Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections

Black Hills Infosec Services
Active SOC: https://www.blackhillsinfosec.com/services/active-soc/
Penetration Testing: https://www.blackhillsinfosec.com/services/
Incident Response: https://www.blackhillsinfosec.com/services/incident-response/

Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: https://www.backdoorsandbreaches.com/
Play B&B Online: https://play.backdoorsandbreaches.com/

Antisyphon Training
Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/
Live Training: https://www.antisyphontraining.com/course-catalog/
On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/

Educational Infosec Content
Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest
Active Countermeasures YouTube: https://youtube.com/activecountermeasures
Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining

Join us at the annual information security conference in Deadwood, SD (in-person and virtually), Wild West Hackin' Fest: https://wildwesthackinfest.com/

#bhis #infosec