Manage episode 229267537 series 1288763
TLDR and TLDR (too long don't listen): go take this training. Please. Now. The end.
If you want to hear more, check out today's podcast episode where I talk about all the wonderful tidbits I learned from Peter during the training, including:
Doppelganger attacks - does your target have a frequently used site like mail.company.com? Try buying up mailcompany.com with a copy of their email portal (using Social Engineer Toolkit), and the creds might come pouring in!
Get potential usable creds from old breaches (Adobe, Ashley Madison, LinkedIn, Spotify)
When creating phishing payloads, Veil will help you craft something to bypass AV
When you're in a network and have grabbed your first set of creds, run BloodHound or SharpHound to map the Active Directory and find your high-value targets
Check systems for MS17-010 for some potential easy wins
Look for potential accounts that you can Kerberoast
For more info visit today's show notes on 7ms.us
360 episodes available. A new episode about every 6 days averaging 33 mins duration .