On this webcast, we’ll guide you through an iterative process of building and deploying effective and practical Group Policy Objects (GPOs) that increase security posture. Download slides: https://www.activecountermeasures.com/presentations/ 0:45 Introducing what a kill chain is and general background you need for this webcast 15:53 Getting into group policies, best practices, group policies that we’re not covering […]
Brian King // Recon-ng had a major update in June 2019, from 4.9.6 to 5.0.0. This post is meant to help with the adjustment by providing a cheat sheet for common commands and mapping of some old syntax to the new syntax. If you’re at all like me, you’ll assume that what you know from […]
Sally Vandeven // We have all heard people talk about how much cooler Linux is than Windows, so much easier to use, etc. Well, they are not necessarily wrong… but we have learned that Microsoft has some very interesting gems hiding in plain sight. Seriously, Microsoft seems to be making a concerted effort to add some […]
Ray Felch // Disclaimer: Be sure to use a faraday bag or cage before transmitting cellular data so you don’t accidentally break any laws by illegally transmitting on regulated frequencies. Additionally, intercepting and decrypting someone else’s data is illegal, so be careful when researching your phone traffic. Some useful terminology: Mobile Phone Related: MS mobile […]
Kayla Mackiewicz // Last year, fellow tester Jordan Drysdale wrote a blog post about Cisco’s Smart Install feature. His blog post can be found here. If this feature is enabled on a Cisco device, an attacker can download or upload a config file and even execute commands. Whether you use the Smart Install feature or […]
Ray Felch // Disclaimer: Be sure to use a faraday bag or cage before transmitting cellular data so you don’t accidentally break any laws by illegally transmitting on regulated frequencies. Additionally, intercepting and decrypting someone else’s data is illegal, so be careful when researching your phone traffic. Preface: I held an Advanced Amateur Radio Operator […]
Download slides: https://www.activecountermeasures.com/presentations/ More info: https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/ 2:09 Introduction to the types of cards in the deck, pricing, why we created B&B 10:25 Basic setup for playing the game and how to play the game 18:03 Breaking down cards and how they work 35:54 Demo Game 1 44:39 Demo Game 2 54:50 Questions and comments This […]
Click on the timecodes to jump to that part of the video (on YouTube) Download slides: https://www.activecountermeasures.com/presentations 00:40 Intro, background information, how to deal with the psychology and politics in your company 15:34 Reviewing different cards in Backdoors & Breaches, Server Analysis 22:39 Security Information and Event Management Log Analysis (SIEM) 31:12 Firewall Logs, Zeek, and […]
Carrie Roberts // *Guest Blog You have a password hash you would like to crack for a password that contains an Umlaut. You know, the two dots over a letter as is commonly seen in the German language. For our example here, we have the Windows password hash of the password “Möm Rülez!” I know, […]
