How to Find a Company's BreakPoint - Andrew McNicol

Explore a comprehensive conference talk on modern-day hacking techniques and methodologies. Learn how to identify a company's vulnerabilities by going beyond basic scanning. Discover the intricacies of phishing attacks, including planning, domain selection, and scenario creation. Delve into web application vulnerabilities, with a focus on file inclusion. Understand the concept of Multicast Name Resolution Poisoning and its prevention. Examine SMB Relay Attacks, their automated processes, and preventive measures. Investigate account compromise techniques, including username enumeration, weak password exploitation, and default credential abuse. Gain valuable insights into useful trainings and resources for further learning in cybersecurity.

BreakPoint Labs
Modern Day Hacking
Agenda
Things Have Changed since the 90s
Overview
Our Methodology (High Level)
How to Go Beyond a Scan
Phishing: Planning
CEOs Reaction to Opening to Phishing Email
Phishing: Scenario
Phishing: Phishing Domains
Phishing: Finding Vulnerabilities
Phishing: Possible Scenarios
Web Application Vulnerabilities
Web App Vulns: File Inclusion
Web App Vulns: Step 3
Multicast Name Resolution Poisoning
Responder!
Enter Responder.py
Responder.py - Use Case 1 Rouge Services
Responder.py - Use Case 2 WPAD
Responder.py - Use Case 3 Analyze
Prevent Multicast Name Communication Attacks
So You Started a Scan
SMB Relay Attack Visual: Automated Process
SMB Relay Attack: Multicast Poisoning Cont.
SMB Relay Attack: Nessus Scanner Scenario
Prevent SMB Relay Attacks
Account Compromise
Acct Comp: Username Enumeration
Acct Comp: Automation Controls
Acct Comp: Weak Passwords
Acct Comp: Default and Shared
Final Thoughts and Tips
Useful Trainings & Links
Contact Us