Explore advanced red teaming techniques in this DerbyCon 4 conference talk. Delve into the evolution of penetration testing and cyber kill-chain methodologies, comparing traditional approaches with modern PowerShell-based tactics. Learn about Windows domain trust exploitation, user hunting, and escalation strategies. Discover techniques for maintaining persistence, including the infamous Golden Ticket attack. Gain insights on efficient file and share discovery methods, and witness a live demonstration of targeted trojanation. Enhance your red team operations with a blend of time-tested and cutting-edge tactics presented by David McGuire and Will Schroeder.
Overview
Syllabus
Intro
@davidpmcguire
tl;dr
Pentesting
Red Team Operations
Cyber Kill-Chain :
Bridging the Gap
Nothing New?
Landing on the Beachhead
Old School: User Hunting
New(est) School: PowerShell
Windows Domain Trusts 101
Old School: nltest
Old School: dsquery/dsget
New School: Trusts and PowerShell
New(est) School: PowerView
Escalation and Pivoting
Moving Beyond the Beachhead
Old School: Escalation
Old School: Tokens
New School: Escalation
New School: Token Manipulation
New School: Mimikatz FTW
Keeping the Door Open
New School: Local Persistence
The Golden Ticket
A LOOONNNGGG Time
Files on Files
Old School: Finding Shares
Old School: Finding Files
New School: Finding Shares
New School: Finding Files
New School: Targeted Trojanation
Demo
Recap
Questions?
