"it basically was a way that we could do dll hijacking attacks, bypass edrs. and yeah, that webcast was wild, right? crazy. here ’ s a vulnerability that exists. if somebody can gain access to your system, they can get malware to execute and it ’ s going to bypass amzi and it ’ s …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1486Data Encrypted for Impact
89%
"we just going to be osi model memes? is that what we ’ re doing here? is that where we ’ re going? okay, okay, focus on ransomware. we focus on ransomware for a really good reason. right. organizations get shut down. immediate impact and financial consequences for organizations g…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1525Implant Internal Image
81%
"##boxes that are exposed. clone security groups. carry out waterhole attacks, which was awesome by the way. super cool. find groups that can be modified directly by your user or membership rules can be adjusted to gain access. search all user attributes. leverage a gui built grap…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1199Trusted Relationship
78%
"attack occurred. that ’ s a problem. and like i said, it ’ s one of those problems we seem to completely ignore. and we need to get to the point where, i don ’ t know how we do this right, but we need somehow to like name and shame some of these vendors and make it so it ’ s not …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1588.006Vulnerabilities
72%
"reporting methodology that ’ s beyond just here ’ s the exploit, fix it and getting it to the point where here ’ s a full understanding of how that exploit came to be, how the tester found it, here ’ s how you validate it. so you ’ re equipping the customer to move forward to act…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
52%
", everybody basically started working remotely and we needed to make sure that everyone could remote work all the way through. so this is a type of attack that was, blogged about by proofpoint. we still use it. this is a little bit of a variation in proofpoint ’ s article. again,…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1588.006Vulnerabilities
42%
"yeah, we got old. jason blanchard yeah, for sure. daniel lowrie john, i got a question here from duotech says, how do you approach customers who prioritize prevention over post exploitation finding like graph runner, hounds etc, and how can blue or slash purple teams get movement…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1588.006Vulnerabilities
38%
"##erabilities m and there ’ s a ton of things that are known to the pen testing community and offensive community that don ’ t have cves that companies are using regularly in their engagements. and a lot of the firms share these techniques with each other like red siege, bhis tru…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
In this video, John Strand discusses the complexities and challenges of penetration testing, emphasizing that it goes beyond just finding and exploiting vulnerabilities.
