How I Would Hack You: Methods Used to Attack and How to Defend

Video Link:How I Would Hack You: Methods Used to Attack and How to Defend

Connecting with Jason & Matt

• Shave That Beard For Charity Shave That Beard - CyberMattLee
• Matt Lee
  • https://www.youtube.com/c/CyberMattLee
  • https://cybermattlee.com
  • Matt Lee, CISSP, CCSP, CFR, PNPT - Pax8 | LinkedIn
• Jason Slage
  • Jason Slagle - CNWR, Inc. | LinkedIn
  • https://www.cnwr.com/
  • https://www.youtube.com/user/jmslagle1

External Asset Discovery

• https://dnsdumpster.com/
  • For netstandard we discussed & pointed out the following:
    • All the ESXI hosts
    • Lab-vcsa
    • Connect (rdweb)
    • Wificontroller (Unifi 6.5.54)
    • vcenter
• https://www.shodan.io/
• https://crt.sh/
• https://www.exploit-db.com/
• https://mxtoolbox.com/
• https://builtwith.com/
• https://arin.net/ - apnic, etc.
• Use social media to dig into who works there, what their position is, and what we can learn
• Google Dorking for documents Download Google Dorks Cheat Sheet PDF for Quick References
• Nmap - especially with NSE scripts (–script=vuln -sV)
• Kali Linux use amass

Internal Assets Discovery & Leveraging

• Demonstrate external knowledge gained in previous steps
• Discuss using social media as a writing prompt for Spear phishing
• Discuss initial access often being hardest
• Microsoft Won’t Fix List (MicrosoftWontFixList/README.md at main · cfalta/MicrosoftWontFixList · GitHub)
• Grabbing auth tokens to bypass 2FA Evilginx2 - https://youtu.be/7W92dWcytCs

Other Links Referenced

• https://pentestbook.six2dez.com/ - Online Pentest Book with WEALTH of knowledge and tools
• https://twitter.com/KyleHanslovan/status/1551935618279776261 Post regarding Initial Access Broker asking for help
• https://www.kitploit.com/ Lots of hacking tools
• Configure adaptive session lifetime policies - Microsoft Entra ID | Microsoft Learn Microsoft Guidance on Persistence and Sessions