In this video, Gabriel Prud’homme discusses various techniques for NTLM relay attacks and their mitigation, focusing on the theory, demonstrations, and practical applications. He explains the vulnerabilities in network protocols and systems like LLMNR, SMB, and HTTP, and shows how these can be exploited using tools like Responder and NTLMRelayX.
Dungeons & Dragons – The Security Tool You Didn’t Know You Needed Klaus Agnoletti In my talk, I’ll dive into the world of game-based learning in cybersecurity, showcasing HackBack – a unique framework that blends role-playing game elements with security training. I’ll explain how HackBack …
In this video, Jordan and Kent discuss the utilization of red team tools from a blue team perspective. They explore how these tools can be repurposed to enhance cybersecurity defenses and the challenges of integrating red team tools into blue team operations.
This webcast was originally published on January 31, 2024 In this video, Eric Kuehn delves into advanced techniques for interacting with Active Directory using various tools such as LDP, PowerShell, and AD Cmdlets. He demonstrates how to effectively query and manipulate Active Directory data, providing …
In this video, Greg Hatcher & John Stigerwalt discuss advanced techniques for bypassing antivirus and endpoint detection systems using compiler optimizations and thread pool APIs for process injection.
In this video, Jeff McJunkin discusses the differences and nuances between penetration testing and red teaming, focusing on their respective roles in cybersecurity. He elaborates on the unique approaches and objectives of each, highlighting how they test organizational defenses differently.
In this video, John and Greg discuss the intricacies of setting up and protecting red team infrastructure using Cobalt Strike, AWS, and Azure. They delve into the details of using redirectors, securing C2 servers, and the importance of proper traffic restrictions to avoid detection.
In this video, Carrie Roberts delves into the intricacies of the Atomic Red Team project. He explains how to use the library of scripted cyber attacks to enhance security testing and training, demonstrating practical applications and configurations.
In this video, Ralph discusses how to build a phishing engagement, focusing on coding techniques and tools to automate and secure phishing tests. He demonstrates how infrastructure setup, operational security, and phishing email creation can be automated using tools like Ansible, Terraform, and Docker.
In this video, BB King discusses the security implications and vulnerabilities associated with JSON Web Tokens (JWTs) in web applications. They delve into various attack methods, including the misuse of the ‘none’ algorithm and the potential dangers of poor JWT implementation.
