Overview
Syllabus
Introduction
Pentester Mistakes
Who am I
Meet Jeremy Nie
I love security operations
The Matrix
Gordon Ramsay
The View of Blue Team
Service Desk Monkey
Network Cables
Response Plan
Looking For Assets
What's In The Box
Not Encrypted
Identifying Information
Bash History
What Happens Next
DeTroyes
Pentester Rant
I Can't Blame Them
Last Time I Gave This Presentation
The Real Point
Simple Use Cases
Logs
Log aggregator
Big takeaway
Slides
Pentester Tools
Proxy Logs
Detecting Pentesters
Kali Callouts
Metasploit
Web Application Assessments
User Agent Strings
MTGO
Maltego
Core Impact
Pen Tester Tools
Reconnaissance
Detecting Rogue Machines
Pulling DNS and DHCP logs
Finding MAC addresses
Monitoring MAC addresses
Non-standard naming conventions
If you see things that stand out
Use PsLoggedOn
Detect Pass the Hash attacks
Gather Windows Security Logs
Pass The Hash
Pass The Hash Guide
Windows Event Log Monitoring
Pass The Hash Attacks
Kerberos
ArcSight
Pentester
Brute Force Attacks
Firewall Logs
Am guessing
False positives
Port scanning
Port scanning as an address
What do you do next
Disclaimer
Story Time
Pentesters
Incident Response Plan
Don't Unplug Devices
Why Not Bug Them
Be Creative Be Careful
Recap
Any Questions