Pen Test War Stories - Why My Job Is So Easy and How You Can Make It Harder

Explore pen testing techniques and common security vulnerabilities in this 49-minute conference talk from GrrCON 2017. Dive into external network attacks, focusing on password spraying, active reconnaissance, and exploiting weak domain passwords. Learn about Metasploit's rogue SMB server, capturing NTLMV2 credentials, and the dangers of exposed administrator panels. Examine the risks associated with lack of multi-factor authentication, principle of least privilege, and legacy Windows broadcast protocols. Discover SMB relay attacks, insecure password storage in Group Policy Preferences, and pivoting through VPN split tunneling. Gain insights on remediation strategies for various vulnerabilities, including SMB signing, cached credentials, and shared virtual centers. Enhance your cybersecurity knowledge and learn how to make a pen tester's job more challenging.

Intro
External Network - Top Three
Password Spraying - Identify User Accounts
Active Reconnaissance
Password Spraying the Seasons Once you have your list of usernames begin password spraying.
Cheers to the Summer of 2017!
Weak Domain Passwords - Remediation
Metasploit Rogue SMB Server
Capture NTLMV2 Credentials
Good Users vs Bad Network Egress Rules
Lack of Multi-Factor Authentication (MFA)
Exposed Administrator Panels Used for website or application maintenance Enhanced feature set which is a highly valuable target
Lack of Principle of Least Privilege
Legacy Windows Broadcast Protocols
Hash Captured with Responder
SMB Relay Attack
MultiRelay.py Example
SMB Signing Disabled - Remediation
Cached Credentials - Remediation
Insecure Password Storage in GPP
Insecure GPP Password Storage - Remediation Apply B2962486 prevents password data from being stored in GPP
Pivoting through VPN Split Tunneling
VPN Split Tunneling - Remediation
Shared Virtual Center - Remediation
Conclusion