7MS #428: Tales of Internal Network Pentest Pwnage - Part 20

Welcome to another fun tale of internal pentest pwnage! Today's tale includes these helpful informational tidbits:

My understanding is that in order for mitm6 relay attacks to work against DCs, those DCs have to have LDAPS config'd properly. Use nmap -sV -p646 name.of.domain.controller to verify this (thanks this site for the tip!)
PowerView is awesome when used with Find-InterestingDomainShareFile to find interesting files with the word password or sensitive or other helpful strings.
eavesarp helped me identify some weird hosts on weird subnets sending regular bursts of traffic to "interesting" hosts! Check out this video from Black Hills Infosec to learn more.

I've also got some personal updates for you, including:

Oppdag Premium

Prøv 14 dager gratis

Hør populære podkaster som Storefri med Mikkel og Herman, Ida med hjertet i hånden, Krimpodden og mye mye mer

I appen skaper du ditt eget bibliotek med favoritter, og vi gir deg også anbefalinger til podkaster du ikke kan gå glipp av.

Dersom du er ny Podme-bruker får du 14 dager gratis prøveperiode når du oppretter abonnement

kr 99/mnd

kr 129/mnd

Ubegrenset tilgang til alle dine favorittpodkaster