- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
SIEGECAST: Assumed Breach Part II
#cybersecurity #hacking #infosec
https://redsiege.com/
Penetration Testing
Web Application Penetration Testing
Ransomware Readiness Assessment
Mobile App Assessment
Remote Access Assessment
Purple Team
Red Team & Adversary Emulation
Let our offense, prepare your defense.
getoffensive@redsiege.com
______________________________________________________________
Today, Red Siege is continuing the talk about the shortcomings of the traditional penetration test, and a very high-level discussion on the different techniques and tools to deliver (and receive) a higher value penetration test utilizing the assumed breach method.
SiegeCast: "Assumed Breach Part II"
Presented by
Mike Saunders ( mike@redsiege.com )
As a continuation of "ASSUMED BREACH PART I" with Tim Medin - We will be taking an even deeper and more critical look at today's current penetration test standard. The current model for penetration testing is broken. The typical scan and exploit model doesn’t reflect how real attackers operate after establishing a foothold. At the same time, most organizations aren’t mature enough to need a proper red team assessment. It’s time to start adopting the assumed breach model. In this talk, Mike will discuss techniques for assumed breach assessments that provide a better model for emulating the techniques attackers use once they’ve established a foothold inside a typical network.
Slides: https://redsiege.com/ab2
Follow Us
Twitter: https://twitter.com/redsiege/
Facebook: https://facebook.com/rsiege/
Linkedin: https://www.linkedin.com/company/reds...
_______________________________________________________
Red Siege Founder: Tim Medin (tim@redsiege.com)
Twitter: @timmedin
Red Siege is an information security consulting company that concentrates on the latest threats to organizations today. We perform in-depth analysis, determine organization/business risk, and find the vulnerabilities before the bad guys do. Our team includes internationally renowned experts who have been featured in international news outlets and conferences, including The Wall Street Journal, The Washington Post, a News Channel Asia Documentary.
https://redsiege.com
#hacking #redteam #penetrationtesting #pentest #assumedbreach
0:00 Introduction
0:57 Pen Testing is BROKEN
1:38 I WANT A RED TEAM
4:09 AB - TWO(ish) MODELS
7:29 Compromised USER - PATH B
13:32 MALICIOUS USER
15:01 REAL WORLD TACTICS
16:39 ASSUMED BREACH TACTICS
21:23 INITIAL ACCESS
23:07 FINDING ACCOUNTS
27:29 KERBEROASTING HONEYPOT
31:42 HONEYPOT GPP CREDS
32:43 HUNTING GPP CREDS
34:46 DETECT LATERAL MOVEMENTY
36:41 TRAWLING FILES/SHARES
38:59 Detection: Canary Folder/File
40:39 HUNTING SESSIONS
41:34 BYO POWERSHELL
43:51 PROS & CONS
46:57 SUMMARY
48:37 QUESTIONS?
Видео SIEGECAST: Assumed Breach Part II канала Red Siege
https://redsiege.com/
Penetration Testing
Web Application Penetration Testing
Ransomware Readiness Assessment
Mobile App Assessment
Remote Access Assessment
Purple Team
Red Team & Adversary Emulation
Let our offense, prepare your defense.
getoffensive@redsiege.com
______________________________________________________________
Today, Red Siege is continuing the talk about the shortcomings of the traditional penetration test, and a very high-level discussion on the different techniques and tools to deliver (and receive) a higher value penetration test utilizing the assumed breach method.
SiegeCast: "Assumed Breach Part II"
Presented by
Mike Saunders ( mike@redsiege.com )
As a continuation of "ASSUMED BREACH PART I" with Tim Medin - We will be taking an even deeper and more critical look at today's current penetration test standard. The current model for penetration testing is broken. The typical scan and exploit model doesn’t reflect how real attackers operate after establishing a foothold. At the same time, most organizations aren’t mature enough to need a proper red team assessment. It’s time to start adopting the assumed breach model. In this talk, Mike will discuss techniques for assumed breach assessments that provide a better model for emulating the techniques attackers use once they’ve established a foothold inside a typical network.
Slides: https://redsiege.com/ab2
Follow Us
Twitter: https://twitter.com/redsiege/
Facebook: https://facebook.com/rsiege/
Linkedin: https://www.linkedin.com/company/reds...
_______________________________________________________
Red Siege Founder: Tim Medin (tim@redsiege.com)
Twitter: @timmedin
Red Siege is an information security consulting company that concentrates on the latest threats to organizations today. We perform in-depth analysis, determine organization/business risk, and find the vulnerabilities before the bad guys do. Our team includes internationally renowned experts who have been featured in international news outlets and conferences, including The Wall Street Journal, The Washington Post, a News Channel Asia Documentary.
https://redsiege.com
#hacking #redteam #penetrationtesting #pentest #assumedbreach
0:00 Introduction
0:57 Pen Testing is BROKEN
1:38 I WANT A RED TEAM
4:09 AB - TWO(ish) MODELS
7:29 Compromised USER - PATH B
13:32 MALICIOUS USER
15:01 REAL WORLD TACTICS
16:39 ASSUMED BREACH TACTICS
21:23 INITIAL ACCESS
23:07 FINDING ACCOUNTS
27:29 KERBEROASTING HONEYPOT
31:42 HONEYPOT GPP CREDS
32:43 HUNTING GPP CREDS
34:46 DETECT LATERAL MOVEMENTY
36:41 TRAWLING FILES/SHARES
38:59 Detection: Canary Folder/File
40:39 HUNTING SESSIONS
41:34 BYO POWERSHELL
43:51 PROS & CONS
46:57 SUMMARY
48:37 QUESTIONS?
Видео SIEGECAST: Assumed Breach Part II канала Red Siege
Комментарии отсутствуют
Информация о видео
22 августа 2020 г. 4:39:48
01:06:40
Другие видео канала
Pen Test Process Part 3 : The Report
Adventures in Shellcode Obfuscation: Part 4 "RC4 with a Twist"
SIEGECAST Effective Phishing Pretexts
How to Secure Your Penetration Testing Environment with Full Disk Encryption
SIEGECAST: Sorting Out Offensive Services
SIEGECAST: How Red Siege Stole Christmas
SIEGECAST: Pentesting Step One
Shellcode Obfuscation Made Simple
SIEGECAST: Assumed Breach Part I
Good Intro
Pen Test Process Part 2: The Method
SIEGECAST: Focus Your Research
SIEGECAST Cloud Pentesting Part 2
SIEGECAST: High Impact Simple Hacks
Adventures in Shellcode Obfuscation: Part 10 "Shellcode as MAC Addresses"
Hacking Lofi DOCUMENTATION
RED SIEGE HACKING LOFI VOL 2
Hiding Shellcode in Images
SIEGECAST: SAME HACK DIFFERENT DAY
SIEGECAST: Buffer Overflow 101
