The Top 5 Ways I Own Your Internal Network presented at BSidesRDU 2019

by Heath Adams

Summary: This talk discussed the top five ways I own internal networks when performing internal penetration tests. The talk will briefly discuss each topic, perform a live demonstration of the attack (with backup slides of course because live demos are sketch), and discuss blue team prevention measures. The talk will demonstrate how an attacker can leverage these attacks for lateral movement purposes and domain admin access. The ideal audience for this talk is junior penetration testers, blue teamers, C-levels, and anyone interested in common internal Active Directory network attacks.

Here is the talk outline:

1. Introduction (5 minutes)
   1.1 whoami
   1.2 Why this talk?
2. Attack #1: LLMNR poisoning/hash cracking (7 minutes)
   2.1 Brief overview of the attack and vulnerability
   2.2 Live demonstration of the attack
   2.3 Attack prevention/blue team measures
3. Attack #2: Pass-the-hash/Pass-the-password (7 minutes)
   3.1 Brief overview of the attack and vulnerability
   3.2 Live demonstration of the attack
   3.3 Attack prevention/blue team measures
4. Attack #3: Token Impersonation (7 minutes)
   4.1 Brief overview of the attack and vulnerability
   4.2 Live demonstration of the attack
   4.3 Attack prevention/blue team measures
5. Attack #4: SMB Relay (7 minutes)
   5.1 Brief overview of the attack and vulnerability
   5.2 Live demonstration of the attack
   5.3 Attack prevention/blue team measures
6. Attack #5: Kerberoasting (7 minutes)
   6.1 Brief overview of the attack and vulnerability
   6.2 Live demonstration of the attack
   6.3 Attack prevention/blue team measures
7. Q&A/Questions from audience (5 minutes)