My review of The Hacker Playbook 3: Practical Guide to Penetration Testing (Red Team Edition).
I was lucky enough to get the reminder to K.I.S.S. on a recent engagement. While the latest TTPs can be very useful, it is important to keep "the basics" in mind. ARP Poisoning Guide: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_arp_poisoning.htm Ettercap: https://www.ettercap-project.org/ Bettercap: https://www.bettercap.org/ PCredz: https://github.com/lgandx/PCredz SMB Encryption: https://docs.microsoft.com/en-us/windows-server/storage/file-server/smb-security Detection of Arp Spoofing: https://www.comparitech.com/blog/vpn-privacy/arp-poisoning-spoofing-detect-prevent/ Show notes: https://seangoodwin.blog/sts001 Twitter: https://twitter.com/0xSeanG iTunes: … Continue reading Episode 001: Keep It Simple [Sean]
Next up on the book review list is Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman
Have you been hearing these terms thrown around by your IT or Compliance teams, but aren’t quite sure what they are talking about? This post aims to clarify the two types of testing, and provide some basic information to help identify which test is right for you.
I was recently reading the Internet Security Threat Report (ISTR) from Symantec put out July 2017 "Living off the land and fileless attack techniques" and wanted to call attention to this document, as many of the TTPs discussed seem to be just as relevant today. One of the TTPs that jumps out is what Symatec … Continue reading Weekly Recap #6 – “Living off the Land”