My review of The Hacker Playbook 3: Practical Guide to Penetration Testing (Red Team Edition).
I was lucky enough to get the reminder to K.I.S.S. on a recent engagement. While the latest TTPs can be very useful, it is important to keep "the basics" in mind. ARP Poisoning Guide: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_arp_poisoning.htm Ettercap: https://www.ettercap-project.org/ Bettercap: https://www.bettercap.org/ PCredz: https://github.com/lgandx/PCredz SMB Encryption: https://docs.microsoft.com/en-us/windows-server/storage/file-server/smb-security Detection of Arp Spoofing: https://www.comparitech.com/blog/vpn-privacy/arp-poisoning-spoofing-detect-prevent/ Show notes: https://seangoodwin.blog/sts001 Twitter: https://twitter.com/0xSeanG iTunes: … Continue reading Episode 001: Keep It Simple [Sean]
Welcome to Stumbling Through Security. No real show notes yet, but thanks to checking this out. I am looking forward to seeing where this process takes me. Follow me on Twitter (https://twitter.com/0xSeanG) and/or subscribe to the podcast to keep up with future episodes. Show notes can be found at https://seangoodwin.blog/sts000.
I had a great day at BloomCon 0x04 - there were a lot of good talks, and the OSINT CTF brought a lot of fun between sessions. I was happy to share my ideas on building a successful security awareness program. My slides and additional resources can be found here.
Next up on the book review list is Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman