Attack Tactics: Part 3! No Active Directory? No Problem!!

Join us in the Black Hills InfoSec Discord server here: https://discord.gg/BHIS to keep the security conversation going! Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services -- https://www.blackhillsinfosec.com/ 00:00 - Preshow Announcements 03:27 - Disclaimer 07:30 BYOD and Cloud; Network Blocks 12:41 - Eyewitness 17:11 - Shodan/ images.shodan.io 24:30 - Scraping Users with Google and Burp; Password Spraying 30:22 - Attacking Google 2FA; Phishing Ruse 35:03 - Credsniper 42:14 - Getting Documents; Changing Firewall 45:02 - Takeaways 49:27 - Q&A Description: For this next installment of our Attack Tactics webcast series, John Strand looks at an environment that had no Active Directory. This is odd, but it's becoming more and more common for new companies to have everything in the "cloud" and everything BYOD. This is also a great case-study on how to access services like Git, Slack, Gsuites, Salesforce and so on, because even if you are still using AD, you WILL be moving to the cloud. This webcast is for everyone. Finally, as testers, we need to evolve our testing to be able to successfully test these cloud services. This means we all need to up our game and be ready for the next round of cloud-based enterprise technologies! Slides can be found here: https://www.blackhillsinfosec.com/webcast-attack-tactics-3/ Black Hills Infosec Socials Twitter: https://twitter.com/BHinfoSecurity Mastodon: https://infosec.exchange/@blackhillsinfosec LinkedIn: https://www.linkedin.com/company/antisyphon-training Discord: https://discord.gg/ffzdt3WUDe Black Hills Infosec Shirts & Hoodies https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections Black Hills Infosec Services Active SOC: https://www.blackhillsinfosec.com/services/active-soc/ Penetration Testing: https://www.blackhillsinfosec.com/services/ Incident Response: https://www.blackhillsinfosec.com/services/incident-response/ Backdoors & Breaches - Incident Response Card Game Backdoors & Breaches: https://www.backdoorsandbreaches.com/ Play B&B Online: https://play.backdoorsandbreaches.com/ Antisyphon Training Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/ Live Training: https://www.antisyphontraining.com/course-catalog/ On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/ Educational Infosec Content Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/ Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest Active Countermeasures YouTube: https://youtube.com/activecountermeasures Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/ #bhis #infosec