Pen Test War Stories - Why My Job Is So Easy and How You Can Make It Harder
Offered By: YouTube
Course Description
Overview
Syllabus
Intro
External Network - Top Three
Password Spraying - Identify User Accounts
Active Reconnaissance
Password Spraying the Seasons Once you have your list of usernames begin password spraying.
Cheers to the Summer of 2017!
Weak Domain Passwords - Remediation
Metasploit Rogue SMB Server
Capture NTLMV2 Credentials
Good Users vs Bad Network Egress Rules
Lack of Multi-Factor Authentication (MFA)
Exposed Administrator Panels Used for website or application maintenance Enhanced feature set which is a highly valuable target
Lack of Principle of Least Privilege
Legacy Windows Broadcast Protocols
Hash Captured with Responder
SMB Relay Attack
MultiRelay.py Example
SMB Signing Disabled - Remediation
Cached Credentials - Remediation
Insecure Password Storage in GPP
Insecure GPP Password Storage - Remediation Apply B2962486 prevents password data from being stored in GPP
Pivoting through VPN Split Tunneling
VPN Split Tunneling - Remediation
Shared Virtual Center - Remediation
Conclusion
Related Courses
Web App Testing - EnumerationCyber Mentor via YouTube Ethical Hacking in 15 Hours - 2023 Edition - Learn to Hack
Cyber Mentor via YouTube I Simulate Therefore I Catch - Enhancing Detection Engineering with Adversary Simulation
YouTube CrackMapExec Owning Active Directory by Using Active Directory
YouTube Fun with LDAP and Kerberos - Attacking AD from Non-Windows Machines
WEareTROOPERS via YouTube