0wning the network with CrackMapExec v4.0 скачать в хорошем качестве

0wning the network with CrackMapExec v4.0

Wild West Hackin' Fest 2017 Ever needed to pentest a network with 10 gazillion hosts with a very limited time frame? Ever wanted to Mimikatz entire subnets? How about shelling entire subnets? How about dumping SAM hashes? Share spidering? Keeping track of all the credentials you pillaged? (The list goes on!) And doing all of this in the stealthiest way possible? Look no further than CrackMapExec! CrackMapExec (a.k.a CME) is a modular post-exploitation tool written in Python that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of "Living off the Land": abusing built-in Active Directory features/protocols to achieve it's functionality and allowing it to evade most endpoint protection, IDS and IPS solutions. Although meant to be used primarily for offensive purposes, CME can be used by blue teams as well to assess account privileges, find misconfigurations and simulate attack scenarios. In this demo heavy talk, I will be showing off v4.0, a major update to the tool bringing more feature and capabilities than ever before! Additionally, we will be taking a deep dive into the internals of the tool itself to understand what makes it 'tick', how to properly defend against it and how to customize it to your needs! If you are interested in the latest and greatest Active Directory attacks/techniques, weaponizing them at scale and general cool AD stuff this is the talk for you! _______________________________________________________ Marcello Salvati (@byt3bl33d3r) is a security consultant who's really good at writing bios. He's so good at writing bios that he was awarded the 'The Best Bio Ever from insert date when bios became a thing to 2017" award. (Totally legit award. Don't Google it, Bing it). His boss Liz asked him about ten times to re-write his bio because "It was too good. He had to make it less good. We didn't want people to cry in shame when they read it. It was like a poem ... sniff.. *a single tear is shed*". By day a security consultant, by night a tool developer who discovered a novel technique to turn tea, sushi and dank memes into somewhat functioning code he has recently devoted his attention to the wonderful rabbit hole that is Active Directory which has become his favorite thing to 0wn.