But instead of try multiple account against one account, we try a few passwords against ALL accounts. That's how password spraying works.
It's okay! Go change your password if you need to. ππΊ
#VolkExplains
We were able to take full DNS control of *.staff[.]example[.]com, and create our own user@staff[.]example[.]com email addresses.
That made our phishing engagements a piece of cake!
#VolkExplains πΊ
πΊ Forgotten project staging
πΊ Forgotten IPs
πΊ Active hosts that are no longer monitored
This is where we usually find the vulns!
#VolkExplains
Simple steps:
1. Win + R.
2. Ctrl + V.
3. Enter.
Nothing felt risky, so they followed along without thinking.
Nothing crashed or popped. Just like that, we got in
#HackingStories #VolkExplains
- AD User Object
- Printer
- Cert Template
βοΈ Some of the most frustrating examples.
Sometimes the best defence is letting the attacker believe they succeeded. πΊ
#VolkExplains
Everyone thinks attackers start by cracking passwords. Most of the time, we donβt. πΊ
We relay NTLM authentication instead.
You authenticate to one system β we relay that authentication attempt to another system.
No passwords needed.
#VolkExplains
Do you think your SIEM alerts will catch a brute force attack?
Some of the ways to try and remain undetected:
πΊ Low-and-slow attempts
πΊ Valid Usernames.
πΊ Distributed IPs
If you are waiting for a spike in the dashboard it may never come.
#VolkExplains
