Video Link: How I Would Hack You: Methods Used to Attack and How to Defend
Connecting with Jason & Matt
- Shave That Beard For Charity Shave That Beard - CyberMattLee
- Matt Lee
- Jason Slage
External Asset Discovery
- https://dnsdumpster.com/
  - For netstandard we discussed & pointed out the following:
    - All the ESXi hosts
    - Lab-vcsa
    - Connect (rdweb)
    - Wificontroller (Unifi 6.5.54)
    - vcenter
- https://www.shodan.io/
- https://crt.sh/
- https://www.exploit-db.com/
- https://mxtoolbox.com/
- https://builtwith.com/
- https://arin.net/ - APNIC, etc.
- Use social media to dig into who works there, what their position is, and what we can learn
- Google Dorking for documents - Download Google Dorks Cheat Sheet PDF for Quick References
- Nmap - especially with NSE scripts (--script=vuln -sV)
- Kali Linux - use amass
Internal Assets Discovery & Leveraging
- Demonstrate external knowledge gained in previous steps
- Discuss using social media as a writing prompt for spear phishing
- Discuss initial access often being hardest
- Microsoft Won’t Fix List (MicrosoftWontFixList/README.md at main · cfalta/MicrosoftWontFixList · GitHub)
- Grabbing auth tokens to bypass 2FA (Evilginx2) - https://youtu.be/7W92dWcytCs
Other Links Referenced
- https://pentestbook.six2dez.com/ - Online Pentest Book with WEALTH of knowledge and tools
- https://twitter.com/KyleHanslovan/status/1551935618279776261 - Post regarding Initial Access Broker asking for help
- https://www.kitploit.com/ - Lots of hacking tools
- Configure adaptive session lifetime policies - Microsoft Entra ID | Microsoft Learn - Microsoft Guidance on Persistence and Sessions