Webcast: Attack Tactics 6! Return of the Blue Team

Download slides: https://www.activecountermeasures.com/presentations

In this webcast we walk through the step-by-step defenses to stop the attackers in every step of the way we showed in Attack Tactics Part 5!!!

Timecode links take you to YouTube:

2:53 Introduction, password spray toolkit, account lockout, honey accounts, canary tokens, and two factor authorization
12:00 PCI #fixthefuture , two factor authorization, dumping global address lists, mailsniper
20:30 Lateral movement, OWA, VPN, SSH
32:54 Scanning and enumeration, Nmap, SSH Brute Force, “Find Open”, LLMNR, LLMNR Responder, and NrlmRelayX
41:25 Gaining access and lateral movement, crackmapexec, how to detect if LLMNR gets turned back on after disabling
47:36 Additional paths, using RITA for detection, internal cobalt strikes, and Endpoint
50:17 Q&A

Originally recorded as a live webcast on May 16th, 2019
Presented by: John Strand, Jordan Drysdale, Kent Ickler

Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts.

Join 1,798 other subscribers

Attend John Strand’s Black Hat class this Aug 3-6, 2019 in Las Vegas: https://www.blackhat.com/us-19/training/schedule/index.html#a-guide-to-active-defense-cyber-deception-and-hacking-back-14124