Finding a Company's BreakPoint - Zachary Meyers

Explore modern-day hacking techniques and methodologies in this 46-minute conference talk from BSides NoVa 2017. Delve into the evolving landscape of cybersecurity, focusing on how to go beyond basic scanning and identify a company's vulnerabilities. Learn about advanced phishing strategies, web application vulnerabilities, multicast name resolution poisoning, and SMB relay attacks. Discover practical prevention methods and gain insights into account compromise techniques, including username enumeration and weak password exploitation. Conclude with valuable tips, useful training resources, and links to enhance your cybersecurity knowledge and skills.

BreakPoint Labs
Modern Day Hacking
Agenda
Things Have Changed since the 90s
Overview
Our Methodology (High Level)
How to Go Beyond a Scan
Phishing: Planning
CEOs Reaction to Opening the Phishing Email
Phishing: Scenario
Phishing: Phishing Domains
Phishing: Finding Vulnerabilities
Phishing: Campaign Types
Web Application Vulnerabilities
Web App Vulns: File Inclusion
Web App Vulns: Step 4
Multicast Name Resolution Poisoning
Responder!
Enter Responder.py
Responder.py - Use Case 1 Rouge Services
Responder.py - Use Case 2 WPAD
Responder.py - Use Case 3 Analyze
Prevent Multicast Name Communication Attacks
So You Started a Scan
SMB Relay Attack Visual: Automated Process
SMB Relay Attack: Example Cont. (2)
SMB Relay Attack: Nessus Scanner Scenario
4. Prevent SMB Relay Attacks
Account Compromise
Acct Comp: Username Enumeration
Acct Comp: Automation Controls
Acct Comp: Weak Passwords
Acct Comp: Default and Shared
Final Thoughts and Tips
Useful Trainings & Links
Contact Us