Red Team Madness - Or How I Learned To Stop Worrying and Expect Pentester Mistakes

via YouTube

Overview

Explore a comprehensive conference talk on red team operations and pentester mistakes. Delve into the challenges faced during penetration testing, including issues with encrypted drives, proxy logs, and DNS records. Learn about essential tools like Kali Linux, Metasploit, and Burp Suite. Discover techniques for analyzing DHCP logs, detecting pass-the-hash attacks, and monitoring Windows security logs. Gain insights into event log monitoring, brute force attack detection, and handling false positives. Examine a real-world pentest story, discussing both effective and ineffective ways to respond to unexpected situations. Reflect on the broader implications and lessons learned from this experience in the field of cybersecurity.

Syllabus

Introduction
What prompted this presentation
Sun Encrypted Drive
Proxy and DNS logs
Callouts
Kali Linux
Metasploit
Burp Suite
Nikto
MeltyGo
Korra
DHCP logs
Look at all DHCP addresses
Make it simple for yourself
Use Sysinternals tool
Detect pass-the-hash
Get Windows security logs
Windows admins don't understand how this works
Microsoft's Guide
NSA Guide
Event Log Monitoring
Event Log Detection
Brute Force Attacks
Username Guessing
False Positives
Port Scans
Pentest
Pen Test Story
The Gig Was Up
The Good Way To Respond
The Bad Way To Respond
Did I Work With Thee
The Bigger Takeaway
