BHIS Webcast: How to attack when LLMNR, mDNS, and WPAD attacks fail - Eavesarp (Tool Overview)
Update: 2019-06-24
Description
Download slides: https://www.activecountermeasures.com/presentations/
Download eavesarp: https://github.com/arch4ngel/eavesarp
2:26 Introduction, background history covering LaBrea Tar Pits and ARP Cache Poisoning and how they relate to this webcast and how "eavesarp" basically works.
14:15 Demo of "eavesarp" against a Stale Network Address Configuration (SNAC) attack.
28:45 Q&A
Blog post on "eavesarp" by Justin Angel: https://www.blackhillsinfosec.com/analyzing-arp-to-discover-exploit-stale-network-address-configurations
When you are on a pentest (or an internal assessment) there are a large number of different techniques that you can use from an unprivileged workstation to move laterally, get hashes and/or attack services. Attacks techniques taking advantage of protocols and misconfigurations like LLMNR, GPP, mDNS and WPAD are now commonplace in any attack toolbox.
But what if those don't work? Is there anything else in this category of attacks that can help you to easily gain access to other systems? Justin Angel has just written a tool we would like to share with the community that will answer these questions -- Eavesarp.
In this webcast, we talk about an oldish defensive technique that attackers can use to further access on the inside of a network. We know, we are being very coy with telling you exactly what the issue is. But, it is really cool. Trust us. We released a new tool and building on some existing research to bring another tool to the LLMNR, WPAD and mDNS attack toolbox -- Eavesarp.
And yes, we will be offering some tips on defending against these attacks as well.
Download eavesarp: https://github.com/arch4ngel/eavesarp
2:26 Introduction, background history covering LaBrea Tar Pits and ARP Cache Poisoning and how they relate to this webcast and how "eavesarp" basically works.
14:15 Demo of "eavesarp" against a Stale Network Address Configuration (SNAC) attack.
28:45 Q&A
Blog post on "eavesarp" by Justin Angel: https://www.blackhillsinfosec.com/analyzing-arp-to-discover-exploit-stale-network-address-configurations
When you are on a pentest (or an internal assessment) there are a large number of different techniques that you can use from an unprivileged workstation to move laterally, get hashes and/or attack services. Attacks techniques taking advantage of protocols and misconfigurations like LLMNR, GPP, mDNS and WPAD are now commonplace in any attack toolbox.
But what if those don't work? Is there anything else in this category of attacks that can help you to easily gain access to other systems? Justin Angel has just written a tool we would like to share with the community that will answer these questions -- Eavesarp.
In this webcast, we talk about an oldish defensive technique that attackers can use to further access on the inside of a network. We know, we are being very coy with telling you exactly what the issue is. But, it is really cool. Trust us. We released a new tool and building on some existing research to bring another tool to the LLMNR, WPAD and mDNS attack toolbox -- Eavesarp.
And yes, we will be offering some tips on defending against these attacks as well.
Comments
In Channel
Download from Google Play
Download from App Store
United States00:00
00:00
x
