tactical exploitation - the other way to pentest
TRANSCRIPT
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
1/79
Las Vegas August 2007
Tactical ExploitationTactical Exploitationthe other way to pen-test the other way to pen-test
hdm !alsmithhdm !alsmith"lac# $at %&A 2007"lac# $at %&A 2007
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
2/79
Las Vegas August 2007
who are we 'who are we '
H D Moore
"rea#ing(oint &ystems )) Metasploit
Valsmith
*++ensi!e ,omputing )) Metasploit
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
3/79
Las Vegas August 2007
why listen 'why listen '
A different approach to pwning
Lots of fun techniues! new tools
"eal#world tested $#%
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
4/79
Las Vegas August 2007
what do we co!er 'what do we co!er '
&arget profiling
Discover' tools and techniues ()ploitation
*etting 'ou remote access
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
5/79Las Vegas August 2007
the tactical approachthe tactical approach
Vulnera+ilites are transient
&arget the applications &arget the processes &arget the people &arget the trusts
,ou WILLgain access.
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
6/79Las Vegas August 2007
the tactical approachthe tactical approach
-racers are opportunists
()pand the scope of 'our tests (ver'thing is fair game
/hat 'ou dont test... 0omeone else will1
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
7/79Las Vegas August 2007
the tactical approachthe tactical approach
Hacing is not a+out e)ploits
&he target is the data! not r22t Hacing is using what 'ou have
3asswords! trust relationships 0ervice hi4acing! auth ticets
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
8/79
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
9/79Las Vegas August 2007
personnel disco!erypersonnel disco!ery
5dentif'ing the meatware
*oogle 6ewsgroups 0ense3ost tools (volution from 3aterva.com
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
10/79Las Vegas August 2007
personnel disco!erypersonnel disco!ery
&hese tools give us
7ull names! usernames! email (mplo'ment histor' 3hone num+ers 3ersonal sites
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
11/79Las Vegas August 2007
personnel disco!erypersonnel disco!ery
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
12/79Las Vegas August 2007
personnel disco!erypersonnel disco!ery
0tarted with compan' and 4o+s
7ound online personnel director' 7ound people with access to data
7ound resumes! email addresses (mail name 8 username 8 target
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
13/79Las Vegas August 2007
personnel disco!erypersonnel disco!ery
9oe &argetstein
/ors as lead engineer in semiconductor department
(mail address 4oet:compan'.com
;ld newsgroup postings show
4oet:4oes+o).compan'.com
6ow we have username and a host to target to go
after semi conductor information
mailto:[email protected]:[email protected] -
8/12/2019 Tactical Exploitation - The Other Way to Pentest
14/79
Las Vegas August 2007
networ# disco!erynetwor# disco!ery
5dentif' 'our target assets
7ind unnown networs 7ind third#part' hosts
Doens of great tools... Lets stic to the less#nown ones
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
15/79
Las Vegas August 2007
networ# disco!erynetwor# disco!ery
&he overused old +usted
/hois! *oogle! one transfers "everse D60 looups
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
16/79
Las Vegas August 2007
networ# disco!erynetwor# disco!ery
&he shiny newhotness
;ther people=s services -entral;ps.net! Digital3oint.com
Domain&ools.com 3aterva.com
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
17/79
Las Vegas August 2007
networ# disco!erynetwor# disco!ery
Domain&ools vs Defcon.org1. Darktangent.net 0 listings0 listings0 listings
2. Defcon.net 0 listings0 listings0 listings
3. Defcon.org 1 listings18 listings 1 listings
4. Hackerjeopardy.com 0 listings0 listings0 listings
. Hackerpoetry.com0 listings0 listings0 listings!. "#edarktangent.com 0 listings0 listings0 listings
$. "#edarktangent.net 0 listings0 listings0 listings
8. "#edarktangent.org 0 listings0 listings0 listings
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
18/79
Las Vegas August 2007
networ# disco!erynetwor# disco!ery
Domain&ools vs Defcon.net 1. 0day.com 0 listings0 listings0 listings
2. 0day.net 0 listings0 listings0 listings
3. Darktangent.org 0 listings0 listings0 listings
% snipped personal domains &
12. 'ec(rity)en.com 0 listings0 listings0 listings
13. *eroday.com 0 listings0 listings0 listings
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
19/79
Las Vegas August 2007
networ# disco!erynetwor# disco!ery
/hat does this get us
3ro)ied D60 pro+es! transfers List of virtual hosts for each 53 3ort scans! traceroutes! etc *old mine of related info
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
20/79
Las Vegas August 2007
networ# disco!erynetwor# disco!ery
Active discover' techniues
&rigger 0M&3 +ounces ?rute force H&&3 vhosts /atch out+ound D60 9ust email the users1
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
21/79
Las Vegas August 2007
networ# disco!erynetwor# disco!ery
+ecei,ed- from (nknon /HL gateay1.rsasec(rity.com/21!.1!2.240.20
y %censored& it# '"56 28 7(n 200$ 1-11-2 9000
+ecei,ed- from #yperion.rsasec(rity.com ygateay1.rsasec(rity.com
,ia smtpd /for %censored&. %:::.:::.:::.:::& it#'"56 "#(; 28 7(n 200$ 1!-11-2 90400
y #yperion.na.rsa.net /' 3.8.39
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
22/79
Las Vegas August 2007
application disco!eryapplication disco!ery
5f the networ is the toast...
Applications are the +utter. (ach app is an entr' point 7inding these apps is the tric
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
23/79
Las Vegas August 2007
application disco!eryapplication disco!ery
&ons of great tools
6map! Amap! 6ito! 6essus -ommercial tools
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
24/79
Las Vegas August 2007
application disco!eryapplication disco!ery
0low and stead' wins the deface
0can for specific port! one port onl' 5D0@530 can=t handle slow scans
Ex. nmap -sS -P0 -T 0 -p 1433 ips
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
25/79
Las Vegas August 2007
application disco!eryapplication disco!ery
()ample target had custom 5D0 to
detect large of host connections 0tandard nmap lit up 5D0 lie BMA0
;ne port slow scan never detected
Cnow ;0 +ased on port EFG@%
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
26/79
Las Vegas August 2007
application disco!eryapplication disco!ery
&arget had internal app for software licensing @
distri+ution
I2!222 nodes had app installed
A couple of hours with 5DA@;ll'd+g showed
static Admin passwordin app=s memor'
All accessi+le nodes owned! 2 e)ploits used
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
27/79
Las Vegas August 2007
application disco!eryapplication disco!ery
/e+ Application Attac and Audit
7ramewor /FA7J KMetasploit for the we+
Metasploit F scanning modules 0canning mi)in
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
28/79
Las Vegas August 2007
application disco!eryapplication disco!ery
D
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
29/79
Las Vegas August 2007
client app disco!eryclient app disco!ery
-lient applications are fun1
Almost alwa's e)ploita+le (as' to fingerprint remotel' ,our last#chance entrance
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
30/79
Las Vegas August 2007
client app disco!eryclient app disco!ery
-ommon pro+e methods
Mail lins to the targets "eview e)posed we+ logs 0end MD6s to specific victims A+use all! ever'one! team aliases
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
31/79
Las Vegas August 2007
process disco!eryprocess disco!ery
&rac what 'our target does
Activit' via 53 5D counters Last#modified headers 7&3 server statistics
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
32/79
Las Vegas August 2007
process disco!eryprocess disco!ery
Loo for patterns of activit'
Large 53 5D increments at night 7&3 stats at certain times
Microsoft 7&3 05&( 0&A&0
/e+ pages +eing uploaded -hec timestamps on images
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
33/79
Las Vegas August 2007
process disco!eryprocess disco!ery
()isting tools
6one! reall'... (as' to script
se Khping for 53 5D tracing se netcat for 05&( 0&A&0
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
34/79
Las Vegas August 2007
process disco!eryprocess disco!ery A?;" J FN A--& J ALL; J F A33( J OP -D3 J QRRP -/D J FNNRFP
DL - 110 7(A& J GO2 H(L3 J PO2 L50& J FNNRR MD&M J PG2O2 @D - 8$0 M;D( J FGFN
6L0& J PG
6;;3 J POFOG ;3&0 J OQR 3A00 J 2Q2QQQ22 3A0V J ROPG2G 3;"& J ONRQN 3/D J OGNQ
S5& J PFOO "(56 J R "(0& J FRNP "(&" J QFP2 +D - 41 +AB+ - 8 +A" - 2
05&( J 2PN
05T( J ORGN2 0M6& J R 0&A& J F2N '"+ - 303 0&" J FGG 0,0& J OQQOG
&,3( J F2FNNOG ?'+ - 200!4280 B-/D J RO BMCD J B3/D J P2 B"MD J
ftp.microsoft.com %node& 'I" '"="' C ?ptime- 4$ days
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
35/79
Las Vegas August 2007
process disco!eryprocess disco!ery
I5 ID onitoring C H=@+.
>
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
36/79
Las Vegas August 2007
. /inute "rea#. /inute "rea#
-ome +ac for the e)ploits1
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
37/79
Las Vegas August 2007
re-introductionre-introduction
5n our last session...
Discover' techniues and tools 5n this session...
-ompromising s'stems1
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
38/79
Las Vegas August 2007
external networ#external networ#
&he crunch' cand' shell
()posed hosts and services V36 and pro)' services -lient#initiated sessions
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
39/79
Las Vegas August 2007
attac#ing +tp trans+ersattac#ing +tp trans+ers
Active 7&3 transfers
-lients often e)pose data ports 6A& U Active 7&3 8 7irewall Hole
3assive 7&3 transfers Data port hi4acingJ Do0 at least pasvagg.pl still wors 4ust fine J#%
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
40/79
Las Vegas August 2007
attac#ing we ser!ersattac#ing we ser!ers
?rute force vhosts! files! dirs httpJ@@www.cra'.com@old@
0ource control files left in root httpJ@@www.achsong.com@-V0@(ntries
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
41/79
Las Vegas August 2007
attac#ing we ser!ersattac#ing we ser!ers
Apache "everse 3ro)'ing
GET /%00 HTTP/1.1
Host !ealhost."om
Apache D'namic Virtual Hosting
GET / HTTP/1.1
Host %00/
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
42/79
Las Vegas August 2007
load alancersload alancers
-ause load +alancer to Klea
internal 53 informationse &-3 half#close H&&3 reuest
Alteon A-(director good e)ample
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
43/79
Las Vegas August 2007
load alancersload alancers
A-(director mishandles &-3 half#close reuests
?ehavior can +e used as signaturefor e)istence of Load ?alancer
Direct pacets from real we+serverfowarded +ac to client Ewith 53%
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
44/79
Las Vegas August 2007
cgi case studycgi case study /e+ Host with 222=s of sites
Had demo -*5 for customers
-*5 had director' traversal www.host.com@cgi#[email protected]@..@..@cgi
-*5 e)ecuta+le U writa+le on ever'director'
-ommon on we+ hosts1
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
45/79
Las Vegas August 2007
cgi case studycgi case study
(numeratedJ sernames Dirs ?acup files ;ther -*5 scripts VH;0&0
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
46/79
Las Vegas August 2007
cgi case studycgi case study
&arget happened to run solaris 0olaris treats dirs as files cat @dirname 8 ls @dirname httpJ@@www.host.com@cgi#[email protected]@..@..@..@[email protected]
i d
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
47/79
Las Vegas August 2007
cgi case studycgi case study
7ound -*5 script names
*oogled for vulns*ained shell 22=s of different wa's
;wned due to variet' of la'ered
configuration issues
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
48/79
Las Vegas August 2007
attac#ing dns ser!ersattac#ing dns ser!ers
?rute force host names
B5D seuence anal'sis ?56D GJ 3"6* @ ?irthda'
V)/orsJ B5D 8 B5D U "eturn e)tra answers in response
h i i l
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
49/79
Las Vegas August 2007
authentication relaysauthentication relays
0M?@-570 clients are fun1 0teal hashes! redirect! M5&M
6&LM rela' +etween protocols
0M?@H&&3@0M&3@3;3F@5MA3 More on this later...
i l i i
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
50/79
Las Vegas August 2007
social engineeringsocial engineering
*ive awa' free to's -D";Ms! 0? e's! 6N22s
"eplace 30 with ;pen/"&
-heap and eas' to mae
i l #i l #
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
51/79
Las Vegas August 2007
internal networ#internal networ#
&he soft chew' center &his is the fun part J% (as' to tric clients
i iti i
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
52/79
Las Vegas August 2007
netios ser!icesnetios ser!ices
6et?5;0 names are magic
/3AD -AL5-(60(
d id i
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
53/79
Las Vegas August 2007
dns ser!icesdns ser!ices
Microsoft D60 U DH-3 8 fun
5n4ect host names into D60 Hi4ac the entire networ
d#cpcd 9# W5=D 9i et#0
$i1 #i TL/$i1 #i TL/
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
54/79
Las Vegas August 2007
$i1ac#ing TL/$i1ac#ing TL/
Suicl' own all local worstations *ain access to mail and we+ sites
A new twist on Ksm+rela'.cpp
,es! it was released in 22. 6ow implemented in Metasploit F
$i1 #i TL/$i1ac#ing TL/
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
55/79
Las Vegas August 2007
$i1ac#ing TL/$i1ac#ing TL/
. M5&M all out+ound we+ traffic -ache poison the K/3AD host 3lain old A"3 spoofing DH-3 @ 6et?5;0 U K/3AD
"un a rogue /i7i access point Manipulate &;" connections
$i1 #i TL/$i1ac#ing TL/
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
56/79
Las Vegas August 2007
$i1ac#ing TL/$i1ac#ing TL/
. "edirect H&&3 reuests to Kintranet /3AD U 0;-C0 server 0S5D U transparent pro)'ing F2 "edirect
$i1ac#ing TL/$i1ac#ing TL/
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
57/79
Las Vegas August 2007
$i1ac#ing TL/$i1ac#ing TL/
F. "eturn H&ML page with 6- lin 5( Q@R@OJ 7irefo)J moicon#urlJfileJ@@@@ip@[email protected]
&hird#part' pluginsJ
Ado+e 3D7 Viewer /indows Media 3la'er Microsoft ;ffice
$i1ac#ing TL/$i1ac#ing TL/
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
58/79
Las Vegas August 2007
$i1ac#ing TL/$i1ac#ing TL/
P. Accept 0M? connection and rela' Accept connection from the client -onnect to the target server Eor client% As target for -hallenge Ce'
3rovide this Ce' to the client Allow the client to authenticate
$i1ac#ing TL/$i1ac#ing TL/
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
59/79
Las Vegas August 2007
$i1ac#ing TL/$i1ac#ing TL/
Q. ()ecuting remote code Disconnect the client se authenticated session
ADM56X U 0ervice -ontrol ManagerAccess data! call "3- routines! etcAccess the remote registr'
$i1ac#ing TL/$i1ac#ing TL/
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
60/79
Las Vegas August 2007
$i1ac#ing TL/$i1ac#ing TL/
D
+ile ser!ers+ile ser!ers
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
61/79
Las Vegas August 2007
+ile ser!ers+ile ser!ers
#$S applian"es a!e sa&e an' se"(!e)
Don=t worr'! the vendor sure doesn=t npatched 0am+a daemons
0nap! &era0erver! ;0 B! etc.
5nconsistent file permissions A73 vs 670 vs 0M?
sama is awesomesama is awesome
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
62/79
Las Vegas August 2007
sama is awesomesama is awesome
GGG called! want their +ugs +ac "emem+er those scar' K6LL 0essions 0am+a (6M @ 05D0" user listing Massive information leas via D-("3-
0hares! sers! 3olicies ?rute force accounts Eno locout%
sm case studysm case study
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
63/79
Las Vegas August 2007
sm case studysm case study
;ld +ugs +ac to haunt new +o)es
7ound ;0 B ?o) running 0M? ser sent mail touting ;0 B sec
3revious scans had found vulns
serJ Kfalse positive! its ;0 B
sJ K;wned
sm case studysm case study
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
64/79
Las Vegas August 2007
sm case studysm case study
3erformed 6ull 0ession net use WWos)sm+WipcX K @userJ
(numerated users and shares?rute forced several user accounts
*ot shell! escalated to rootserJ K+ut . .+ut . . its ;0 B1
sama !s metasploitsama !s metasploit
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
65/79
Las Vegas August 2007
sama !s metasploitsama !s metasploit
Metasploit modules for 0am+a Linu) Ev0'scall U &argets% Mac ;0 B E33-@)NR% 0olaris E03A"-!)NR%
Au)iliar' 3o-s
n+s ser!icesn+s ser!ices
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
66/79
Las Vegas August 2007
n+s ser!icesn+s ser!ices
670 is 'our friend Dont forget its eas' cousin 650
0can for port @ 2PG showmo(nt -e / showmo(nt -a
/hats e)ported! whose mounting
n+s ser!icesn+s ser!ices
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
67/79
Las Vegas August 2007
n+s ser!icesn+s ser!ices
()ported 670 home directories 5mportant target1
5f 'ou get control ;wn ever' nodethat mounts it
n+s ser!icesn+s ser!ices
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
68/79
Las Vegas August 2007
n+s ser!icesn+s ser!ices
5f 'ou are root on home server ?ecome an'one E650@su% Harvest *nown+hostsfiles Harvest allowe'+*eys
Modif' .login! etc. U insert tro4ans
n+s ser!icesn+s ser!ices
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
69/79
Las Vegas August 2007
n+s ser!icesn+s ser!ices
0oftware distro servers are fun1 All nodes access over 670 /rite to software distro directories &ro4an ever' node at once
6o e)ploits needed1
+ile ser!ices+ile ser!ices
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
70/79
Las Vegas August 2007
+ile ser!ices+ile ser!ices
()ampleJ all nodes were disless @ patched
-lients got software from 670 server
/e haced the software server
sing trust hi4acing e)plained later 5nserted tro4aned gnu +inaries
222=s of nodes sent us shells
trust relationshipstrust relationships
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
71/79
Las Vegas August 2007
trust relationshipstrust relationships
&he target is unavaila+le to , 6ot to another host 'ou can reach...
6etwors ma' not trust ever'one ?ut the' often trust each other J%
truststrusts
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
72/79
Las Vegas August 2007
truststrusts
Deal with firewalls@&-3 wrappers@A-Ls
7ind a node that is accepted and own it
3eople wrapper ni) and leave /indows
open
Hac the /indows +o) and port forward
past wrappers
truststrusts
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
73/79
Las Vegas August 2007
truststrusts
()ampleJ Mi)ed networ with ni)wrapperd
&arget 0olaris homedir server Had auth credentials +ut couldn=t reach
port
7ound vulnera+le win +o) ! owned @installed portfworward to homedir port
$i1ac#ing &&$$i1ac#ing &&$
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
74/79
Las Vegas August 2007
$i1ac#ing &&$$i1ac#ing &&$ 5dea is to a+use legitimate users access
over 00H
5f user can access other s'stems! wh'
can=t 'ou Eeven without users password%
;ne time passwords 6o pro+lem1
5ntel gathering
$i1ac#ing &&$$i1ac#ing &&$
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
75/79
Las Vegas August 2007
$i1ac#ing &&$$i1ac#ing &&$ Availa+le tools
Metalstorm ssh hi4acing &ro4aned ssh clients 00H master modes
Dont for get &&, hi4acing
Appcap &&,/atcher
/ho suspects a dead 00H session
$i1ac#ing &&$$i1ac#ing &&$
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
76/79
Las Vegas August 2007
$i1ac#ing &&$$i1ac#ing &&$
D
$i1ac#ing 3ereros$i1ac#ing 3ereros
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
77/79
Las Vegas August 2007
$i1ac#ing 3ereros$i1ac#ing 3ereros Cer+eros is great for one time
authentication . . even for hacers
5dea is to +ecome a user and hi4ac
er+eros ticets
*ain access to other trusted nodes
$i1ac#ing 3ereros$i1ac#ing 3ereros
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
78/79
Las Vegas August 2007
$i1ac#ing 3ereros$i1ac#ing 3ereros
D
,onclusion,onclusion
-
8/12/2019 Tactical Exploitation - The Other Way to Pentest
79/79
Las Vegas August 2007
,onclusion,onclusion
-ompromise a Ksecure networ
Determination U creativit' wins &ools cannot replace talent.