2016-026-powershell exfiltration and hiring the right pentest firm
BrakeSec Education Podcast · Bryan Brake
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Adam Crompton (@3nc0d3r) and Tyler Robinson (@tyler_robinson) from Inguardians came by to fill in for my co-host this week. We talk about things a company should do to protect themselves against data exfil.
Adam then shows us a tool he's created to help automate data exfil out of an environment. It's called 'Naisho', and if you're taking the 'Powershell for Pentesters' class at DerbyCon, you'll be seeing this again, as Adam will be co-teaching this class with Mick Douglas (@bettersafetynet).
Tyler tells us about using Cobalt Strike for creating persistent connections that are more easily hidden when you are on an engagement.
Adam's demo can be found on our YouTube channel: https://youtu.be/rj--BfCvacY
Tyler's demo of Throwback and using Cobalt Strike can be found on our YouTube Channel:
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-026-exfiltration_techniques-redteaming_vs_pentesting-and-gaining_persistence.mp3
SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback: [email protected]
Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Facebook: https://www.facebook.com/BrakeingDownSec/
#Tumblr: http://brakeingdownsecurity.tumblr.com/
#Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/