0wning the network with CrackMapExec v4.0
Рет қаралды 11,579
6 жыл бұрынWild West Hackin' Fest 2017
Ever needed to pentest a network with 10 gazillion hosts with a very limited time frame? Ever wanted to Mimikatz entire subnets? How about shelling entire subnets? How about dumping SAM hashes? Share spidering? Keeping track of all the credentials you pillaged? (The list goes on!) And doing all of this in the stealthiest way possible? Look no further than CrackMapExec! CrackMapExec (a.k.a CME) is a modular post-exploitation tool written in Python that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of "Living off the Land": abusing built-in Active Directory features/protocols to achieve it's functionality and allowing it to evade most endpoint protection, IDS and IPS solutions. Although meant to be used primarily for offensive purposes, CME can be used by blue teams as well to assess account privileges, find misconfigurations and simulate attack scenarios. In this demo heavy talk, I will be showing off v4.0, a major update to the tool bringing more feature and capabilities than ever before! Additionally, we will be taking a deep dive into the internals of the tool itself to understand what makes it 'tick', how to properly defend against it and how to customize it to your needs! If you are interested in the latest and greatest Active Directory attacks/techniques, weaponizing them at scale and general cool AD stuff this is the talk for you!
_______________________________________________________
Marcello Salvati (@byt3bl33d3r) is a security consultant who's really good at writing bios. He's so good at writing bios that he was awarded the 'The Best Bio Ever from insert date when bios became a thing to 2017" award. (Totally legit award. Don't Google it, Bing it). His boss Liz asked him about ten times to re-write his bio because "It was too good. He had to make it less good. We didn't want people to cry in shame when they read it. It was like a poem ... sniff.. *a single tear is shed*". By day a security consultant, by night a tool developer who discovered a novel technique to turn tea, sushi and dank memes into somewhat functioning code he has recently devoted his attention to the wonderful rabbit hole that is Active Directory which has become his favorite thing to 0wn.
@IteLuis 5 жыл бұрын
Awesome!!
@hackmasterHQ Жыл бұрын
It comes with Kali Linux but can't find the modules.
@aloodunayo1427 5 жыл бұрын
Good talk
@jeremynaipaul5729 5 жыл бұрын
Amazing
@cristianjuarez1086 3 жыл бұрын
4:42 someone is using his own tool to troll him lol
@trustedsecurity6039 Жыл бұрын
learn to read
@cristianjuarez1086 Жыл бұрын
@@trustedsecurity6039 uh?
@trustedsecurity6039 Жыл бұрын
@@cristianjuarez1086 told us who troll who at 4:42???
@cristianjuarez1086 Жыл бұрын
@@trustedsecurity6039 uh, no
@trustedsecurity6039 Жыл бұрын
@@cristianjuarez1086 yeah because nobody is usong his own tool to troll him... learn to read a github issue...
Wild West Hackin' Fest
Рет қаралды 4,9 М.
Khabar SPORT
Рет қаралды 342 М.
💀Skeleton Ninja🥷【にんげんっていいなチャンネル】
Рет қаралды 8 МЛН
HackerSploit
Рет қаралды 137 М.
Wild West Hackin' Fest
Рет қаралды 188
Wild West Hackin' Fest
Рет қаралды 122