May 26

Webinar takeaway: Setting the Trap – Crafty Ways the Bad Guys Trick Your Users to Own Your Network


My key takeaways

  • Hafnium exploited the vulnerability shortly after Microsoft shared it with the MAPP (Microsoft Active Protections Program) partner group. Coincidence?
  • A domain controller (DC) usually also runs DNS, so it is easy for an attacker to locate
  • Patch before the FBI does it for you
  • Pretexting might be even more effective than phishing
    • Example: in 2020 a teenager compromised Twitter's internal "god mode" admin panel by phoning Twitter employees
  • Cialdini's "Principles of Persuasion" are the toolkit pretexting builds on:
    1. Reciprocation
    2. Commitment & Consistency
    3. Social Proof
    4. Liking
    5. Authority
    6. Scarcity
    7. Unity
  • Social engineering pro tip: telling the target what information you already have makes you more believable and lends authority
  • Kevin Mitnick's warning about the "Darkside" group
    • They look up the victim's cyber-insurance policy to understand the limits when setting the ransom
    • They offer day traders the chance to short the victim's stock ahead of disclosure
  • Demo "Exchange" (Hafnium)
  • Demo "VMware vSphere vCenter"
    • Goal of this attack: steal a memory snapshot of the DC's VM and extract credentials from it offline with the Windows debugger and mimikatz
    • vCenter should be internal, never internet-facing. Reduce the risk further by putting it behind an additional VPN
    • Bad actors phish a local workstation and then proxy through it to vCenter. Mitigate by segmenting your network properly
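The vCenter demo above boils down to one observable: a memory snapshot (or export/clone) of a domain-controller VM, requested by an account that is not the backup service, from a subnet where workstations live. The following detection script is an added example, not part of the webinar or of this post. It parses a constructed CSV export of vCenter tasks (the column names, the VM names `dc01`/`dc02`, the account `backup-svc` and the `10.10.50.` workstation range are all assumptions) and raises a finding for each suspicious DC snapshot, which is exactly the event a segmented network and a VPN in front of vCenter are meant to make impossible from a phished workstation.

```python
"""Flag memory snapshots and exports of domain-controller VMs in a vCenter task export.

Added example. The CSV layout below is constructed for illustration; a real
vCenter export (via the vSphere API or a SIEM) needs a small mapping step to
produce the same columns.
"""
import csv
import io
from dataclasses import dataclass

# Hypothetical asset inventory: which VMs are domain controllers (lower-case names).
DC_VMS = {"dc01", "dc02"}

# Hypothetical service account that is allowed to snapshot DCs for backups.
BACKUP_ACCOUNTS = {"VSPHERE.LOCAL\\backup-svc"}

# Hypothetical workstation subnet: vCenter requests should not originate here.
WORKSTATION_PREFIXES = ("10.10.50.",)

# Tasks that let an operator carry away the guest's disk or memory contents.
SUSPECT_TASKS = {
    "Create virtual machine snapshot",
    "Export virtual machine",
    "Clone virtual machine",
}

# Constructed sample export: time, requesting user, VM, task, whether the
# snapshot included guest memory, and the client IP that issued the request.
SAMPLE_EVENTS = """\
time,user,vm,task,memory,source_ip
2021-03-05T10:01:12Z,VSPHERE.LOCAL\\backup-svc,fileserver01,Create virtual machine snapshot,false,10.10.5.20
2021-03-05T10:04:47Z,VSPHERE.LOCAL\\jdoe,dc01,Create virtual machine snapshot,true,10.10.50.31
2021-03-05T10:05:02Z,VSPHERE.LOCAL\\jdoe,dc01,Export virtual machine,false,10.10.50.31
2021-03-05T11:12:09Z,VSPHERE.LOCAL\\backup-svc,dc02,Create virtual machine snapshot,false,10.10.5.20
"""


@dataclass
class Finding:
    time: str
    user: str
    vm: str
    task: str
    source_ip: str
    severity: str
    reasons: tuple


def analyze(events_csv, dc_vms=DC_VMS, backup_accounts=BACKUP_ACCOUNTS,
            workstation_prefixes=WORKSTATION_PREFIXES):
    """Return one Finding per DC snapshot/export that deviates from routine backups."""
    findings = []
    for row in csv.DictReader(io.StringIO(events_csv)):
        # Only domain controllers and only tasks that copy guest state are in scope.
        if row["vm"].lower() not in dc_vms or row["task"] not in SUSPECT_TASKS:
            continue
        reasons = []
        memory_snapshot = row["memory"].strip().lower() == "true"
        if memory_snapshot:
            # A memory snapshot of a DC is the artefact credential extraction needs.
            reasons.append("memory snapshot of a domain controller")
        if row["user"] not in backup_accounts:
            reasons.append("requested by an account that is not a known backup account")
        if row["source_ip"].startswith(workstation_prefixes):
            reasons.append("request originated from a workstation subnet")
        if not reasons:
            continue  # routine backup behaviour: known account, no memory, server subnet
        severity = "high" if memory_snapshot else "medium"
        findings.append(Finding(row["time"], row["user"], row["vm"], row["task"],
                                row["source_ip"], severity, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f.severity.upper()}] {f.time} {f.user} {f.task} on {f.vm} "
              f"from {f.source_ip}: {'; '.join(f.reasons)}")
```

Run against the constructed data it reports two findings for `dc01` (the memory snapshot as high, the follow-up export as medium) and stays silent on the backup account's non-memory snapshot of `dc02`. The same three signals (memory flag, requesting identity, client subnet) are what to alert on in a real SIEM.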


additional links

  • Pretexting masterpiece according to Kevin Mitnick:

