Overview
Syllabus
Intro
External Network - Top Three
Password Spraying - Identify User Accounts
Active Reconnaissance
Password Spraying the Seasons Once you have your list of usernames begin password spraying.
Cheers to the Summer of 2017!
Weak Domain Passwords - Remediation
Metasploit Rogue SMB Server
Capture NTLMV2 Credentials
Good Users vs Bad Network Egress Rules
Lack of Multi-Factor Authentication (MFA)
Exposed Administrator Panels Used for website or application maintenance Enhanced feature set which is a highly valuable target
Lack of Principle of Least Privilege
Legacy Windows Broadcast Protocols
Hash Captured with Responder
SMB Relay Attack
MultiRelay.py Example
SMB Signing Disabled - Remediation
Cached Credentials - Remediation
Insecure Password Storage in GPP
Insecure GPP Password Storage - Remediation Apply B2962486 prevents password data from being stored in GPP
Pivoting through VPN Split Tunneling
VPN Split Tunneling - Remediation
Shared Virtual Center - Remediation
Conclusion