Kent and Jordan are back to continue their journey to make the world a better place. This time around, they will be reviewing a series of tools commonly used on pentests to identify flaws in Active Directory and general network design and implementation.
You’ve probably heard of most of them, like BloodHound, ADExplorer, mimikatz…, wait, Mimikatz as a Blue Team? Yeah, it might be a bit of a stretch, but they’ll get there. Even better, with an introduction to various adversarial simulation frameworks, you can start your own journey of constant improvement. Nmap, CrackMap, BingMaps, and Domain Password Spray. (Re: BingMaps — just checking to see if you’re actually reading these, at this point, our response rate records keep getting shattered, and we just want someone to call us out – the BingMaps API is really cool though).
In a world seemingly gone mad, come find some solace with these two as they share new discoveries, a tool drop from Kent (which will potentially change the BloodHound game), and more.
Let’s help the world detect attacks at a higher rate! Let’s skew the Verizon DBR’s reported numbers! Let’s get better together!
Thanks, as always, and we look forward to spending time with those of you who can join us
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_RedTeamToolsBlueTeamPerspective.pdf
0:00 – Big Fish
0:28 – Question & Enhance
2:51 – Executive Summary
3:58 – Executive Problem Statement
8:48 – Red Team Tools are Red Team Tools
13:39 – Optics(3)
16:22 – SIGMA and SIGMAC
22:13 – Red Team Tool : Responder
25:35 – Red Team Tool : CrackMapExec
29:57 – Red Team Tool : DomainPasswordSpray
38:48 – Red Team Tool : Mimikatz
46:41 – Red Team Tool : BloodHound
50:59 – Blue Team Tool : Plumbhoud
58:38 – Final Thoughts