Overview
Explore innovative penetration testing techniques in this 55-minute conference talk from BSides Cleveland 2015. Discover how to evolve traditional pentests into objective-driven assessments that require thinking outside the box. Learn about manufacturing heists, leveraging trust through phishing, bypassing sandbox technology, and exploiting compromised systems. Delve into topics like proper network segmentation, physical implants, PCI pentesting, and domain admin compromises. Gain insights on clear-text credential harvesting, Kerberos token manipulation, and SSH exploitation. Understand the concept of SHIPS, connectors, and PTF basics. Master token and password hunting techniques, including quick code demonstrations for efficient password discovery.
Syllabus
Intro
About Lawry
Testing Focus
Evolving Pentests to: Objective Penetration Testing
Requires Thinking Outside of the Box
Manufacturing Heist
Phishing First!
Using Trust
Bypassing Sandbox Technology
Compromised Boxes
Proper Segmentation
Using Physical
Implant
PCI Pentest
Port Scan PCI Ranges
Responder
Domain Admins
Clear-Text Creds/Kerberos Tokens
Pageant.exe Running
SSH @
Having Fun With It
Concept of SHIPS
Connectors
PTF Basics
Token/Password Hunter
Quick Code (Password Hunter)