6. The New Way (my way!)
Recon
Plan
Exploit
Persist
Repeat
Simple, right?!
- Pen testing is more of an art than a science!
- Not simple! The focus shifts from check-the-box testing to not getting caught and finding ANY hole or vulnerability.
7. The New Way (continued)
[Flowchart: Recon, Plan, Exploit, Persist, Domain Admin? (Yes / No), Report!]
10. Recon – Pre-engagement
Target IT
Social Networking
Create profile
LinkedIn
Facebook
Google
Bing
Create profile
Play to their ego
Play to desperation
Play to what you know
- Called a target to identify AV before sending over file
- Take people’s niceness and use it against them!
11. Recon – Pre-engagement
Social Engineering
- Called a target to identify AV before sending over file
- Take people’s niceness and use it against them!
18. Recon
What do we have?
High value servers (domain controller, file servers, etc.)
Group and user list
Domain admins
Other high value targets
Installed applications
Detailed account information
Hashes and passwords
- This can be automated using batch scripts or even better… METERPRETER scripts!
- All this information after 5-10 minutes of recon!