Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_AttackTactics6ReturnofBlueTeam.pdf
In this webcast, we walk through step-by-step defenses to stop the attackers at every step we showed in Attack Tactics Part 5!
Timecode links take you to YouTube:
2:53 Introduction, password spray toolkit, account lockout, honey accounts, canary tokens, and two factor authorization
12:00 PCI #fixthefuture, two factor authorization, dumping global address lists, MailSniper
20:30 Lateral movement, OWA, VPN, SSH
32:54 Scanning and enumeration, Nmap, SSH Brute Force, “Find Open”, LLMNR, LLMNR Responder, and NtlmRelayX
41:25 Gaining access and lateral movement, CrackMapExec, how to detect if LLMNR gets turned back on after disabling
47:36 Additional paths, using RITA for detection, internal cobalt strikes, and Endpoint
Originally recorded as a live webcast on May 16th, 2019
Presented by: John Strand, Jordan Drysdale, Kent Ickler
Attend John Strand’s Black Hat class this Aug 3-6, 2019 in Las Vegas: https://www.blackhat.com/us-19/training/schedule/index.html#a-guide-to-active-defense-cyber-deception-and-hacking-back-14124