You've compromised that initial server and gained a foothold in the target network: congratulations! But wait - the shadow file has no hashes except root's, the SSH keys have strong passphrases, and all the interesting traffic is encrypted - there's nothing of value here! Or is there? In this talk, I will explore post-exploitation techniques for turning your compromised bastion hosts into active credential interceptors under a variety of blue team monitoring scenarios.
Adam Reiser is a security researcher with Cisco's Advanced Security Initiatives Group. His work includes red team engagements and hunting for zero-days. He cultivated an early interest in information security as a sysadmin at the Open Computing Facility at UC Berkeley while completing his physics degree there. His other interests include acroyoga and riparian restoration.