Living off the land: enterprise post-exploitation

DerbyCon 8.0 - Evolution

Presented by: Adam Reiser
Date: Sunday October 07, 2018
Time: 13:00 - 13:50
Location: Kentucky E
Track: Track 3

You've compromised that initial server and gained a foothold in the target network: congratulations! But wait - the shadow file has no hashes but root, the ssh keys have strong passphrases, and all the interesting traffic is encrypted - there's nothing of value here! Or is there? In this talk, I will explore post-exploitation techniques for turning your compromised bastion hosts into active credential interceptors under a variety of blue team monitoring scenarios.

Adam Reiser

Adam Reiser is a security researcher with Cisco's Advanced Security Initiatives Group. His work includes red team engagements and hunting for zero days. He cultivated an early interest in information security as a sysadmin at the Open Computing Facility at UC Berkeley, while there completing his physics degree. His other interests include acroyoga and riparian restoration.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats