Click on the timecodes to jump to that part of the video (on YouTube) Download slides: https://www.activecountermeasures.com/presentations 0:54 Background behind this webcast, what and why 7:02 Creating resources in Active Directory, User accounts, Groups, and Dummy Computer accounts 18:54 Tools, ResponderGuard, General flow of attacks, reconnaissance, deception and planted credentials 38:12 Password Spraying, honey users, […]
Brian Fehrman // Many of you have likely heard of Domain Fronting. Domain Fronting is a technique that can allow your C2 traffic to blend in with a target’s traffic by making it appear that it is calling out to the domain owned by your target. This is a great technique for red teamers to […]
TJ Nicholls // *BHIS Guest Contributor TL;DR How many times have you had to parse the same output from a tool? Wouldn’t you like to get that time back? There is a lot of overlap in the tools we use and the workflows we perform as information security professionals. Let’s not reinvent the wheel every […]
Brian B. King // This is a companion post to BBKing’s “Hack for Show, Report for Dough” report, given at BSides Cleveland in June 2019. The fun part of pentesting is the hacking. But the part that makes it a viable career is the reporting. You can develop the most amazing exploit for the most surprising […]
Download presentation slides: https://www.activecountermeasures.com/presentations/ So we went through an attack in the BHIS Webcast, “Attack Tactics 5! Zero to Hero Attack.” Then we went through the defenses in a follow-up webcast, “Attack Tactics 6! Return of the Blue Team,” and now we need to have a talk about logs. Here is the deal, most of […]
This webcast was originally given live on June 5th, 2019 by John Strand and the BHIS (card) Testers. How To Play! download and print a pdf version of “how to play” So we have been working on a card game for Incident Response over the past few months and it is ready for a dry […]
Click on the timecodes to jump to that part of the video (on YouTube) 2:26 Introduction, background history covering LaBrea Tar Pits and ARP Cache Poisoning and how they relate to this webcast and how “eavesarp” basically works. 14:15 Demo of “eavesarp” against a Stale Network Address Configuration (SNAC) attack. 28:45 Q&A This webcast was […]
Justin Angel// Introduction In penetration testing, ARP is most commonly discussed in terms of poisoning attacks where an attacker achieves a man-in-the-middle (MITM) position between victim nodes by contaminating the ARP cache tables of neighboring hosts. While initially inspired by this technique and the desire to derive a means of passively obtaining a list of […]
Beau Bullock// TL;DR Check-LocalAdminHash is a new PowerShell script that can check a password hash against multiple hosts to determine if it’s a valid administrative credential. It also has the ability to exfiltrate all PowerShell PSReadline console history files from every profile on every system that the credential provided is an administrator of. Get Check-LocalAdminHash […]
