Living off the land: enterprise postexploitation

Presented at DerbyCon 8.0 Evolution (2018), Oct. 7, 2018, 1 p.m. (50 minutes).

You’ve compromised that initial server and gained a foothold in the target network: congratulations! But wait - the shadow file has no hashes but root, the ssh keys have strong passphrases, and all the interesting traffic is encrypted - there’s nothing of value here! Or is there? In this talk, I will explore post-exploitation techniques for turning your compromised bastion hosts into active credential interceptors under a variety of blue team monitoring scenarios.


Presenters:

Links:

Similar Presentations: