[Online] Hands on Learning (2 of 3) - Windows AD Exploit Discovery & Exploit

At this MeetUp session we will focus on MS Windows (Client / Server) and AD exploits. So bring your Kali and be prepared to learn a skill useful as a penetration tester.

*** CSJ Lab VPN login credentials will be sent via email prior to the MeetUp to those who register.

During the 12 Aug MeetUp we covered NTLM and SMB exploits to include password cracking and token impersonation.

During previous MeetUps we focused on using the Intruder and Repeater features of Burp Suite to intercept web arguments, change them, and more. We explored EyeWitness and performed initial configuration of Burp Suite plus Firefox proxy during our 10 June MeetUp event.

During May MeetUp sessions, we explored Local File Inclusion (LFI) and Remote File Inclusion (RFI) against a purpose built vulnerable VM in the CSJ-Lab at ..99.64 Each person had the opportunity to disable the PHP service on their local Kali VM in order to host the PHP WebShell as a non-executing static flat file. This PHP WebShell once consumed by the target web server turned the FireFox web browser within Kali into an iterative shell. This exploit did not require uploading the PHP WebShell file to the target web-server.

Also we wrote Python to create a Server / Client remote shell. Each person had the opportunity to write approximately 20 lines of code to establish a remote shell between two systems. Prior knowledge of Python was not required because we discussed every line of code in detail for both the server and client scripts.

So this upcoming MeetUp session will be equally hands on detailed.

Come challenge yourself while attempting to compromise several vulnerable Windows and Linux targets within the Cyber Security Journey Lab. New targets added frequently. Instructions for accessing the lab will be provided prior to start of our MeetUp. Use this time to explore different tools and methods for hacking the targets inside the lab. Document the tools and techniques you tried so we can discuss what worked and why during our Wednesday evening MeetUp time.

This meetup will progressively increase your Penetration Testing/Ethical Hacking experience through hands on workshops that are focused on IT topology discovery, vulnerability detection and compromise, plus post exploitation development.

We welcome eager to learn Cyber Security enthusiasts, no matter if they are experienced or new to the field!!!

--- All Meeting Agendas ---

• Socializing and getting to know your fellow Cyber Security Journey attendees
• Introducing yourself and tell us something IT or Security related that you learned this week
• Old Business/New Business
• Lecture/Demo/Instruction/Learning
• Ethical hands-on practice in a lab using your laptop

--- An ideal CSJ meetup laptop has the following ---
-Modern hardware
-Installed and updated Kali or Parrot OS Linux (probably in your favorite VM software, which for most users is VirtualBox [free at https://www.virtualbox.org/])
-Installed and updated OpenVAS (free at http://www.openvas.org/)
-Installed and updated Nessus (at http://www.tenable.com/)

Both Kali Linux and Parrot OS (Security Edition) Linux have over 600 preinstalled digital forensics and penetration testing programs. They can run natively when installed on a computer's hard disk, can be booted from a live CD or live USB, or they can run within a virtual machine. Parrot OS has extra software installed like OpenVAS and Libre Office. Both are free.

Download Kali
https://www.kali.org/downloads/

Setup Kali
https://www.youtube.com/watch?v=FVmWMogGX4Q

Download ParrotOS
https://parrotlinux.org/download-security.php

Helpful ParrotOS
https://www.youtube.com/watch?v=Oy4-tMDkaag

Download Nessus
https://www.tenable.com/products/nessus/nessus-essentials

An ideal Cyber Security Journey meetup member is one who:
-Is willing and tries to contribute back to the meetup group
-Explores security topics and tools several times a week
-Shares security topics and tool knowledge with the meetup group
-Has an eagerness to learn

So, bring your hacking laptop and a willingness to share and learn.