Webcast: A Blue Team’s Perspective on Red Team Hack Tools

---

---

---

---

Kent and Jordan are back to continue their journey to make the world a better place. This time around, they will be reviewing a series of tools commonly used on pentests to identify flaws in Active Directory and general network design and implementation.

You’ve probably heard of most of them, like BloodHound, ADExplorer, mimikatz…, wait, Mimikatz as a Blue Team? Yeah, it might be a bit of a stretch, but they’ll get there. Even better, with an introduction to various adversarial simulation frameworks, you can start your own journey of constant improvement. Nmap, CrackMap, BingMaps, and Domain Password Spray. (Re: BingMaps — just checking to see if you’re actually reading these, at this point, our response rate records keep getting shattered, and we just want someone to call us out – the BingMaps API is really cool though).

In a world seemingly gone mad, come find some solace with these two as they share new discoveries, a tool drop from Kent (which will potentially change the BloodHound game), and more.

Let’s help the world detect attacks at a higher rate! Let’s skew the Verizon DBR’s reported numbers! Let’s get better together!

Thanks, as always, and we look forward to spending time with those of you who can join us

Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_RedTeamToolsBlueTeamPerspective.pdf

0:00 – Big Fish

0:28 – Question & Enhance

2:51 – Executive Summary

3:58 – Executive Problem Statement

8:48 – Red Team Tools are Red Team Tools

13:39 – Optics(3)

16:22 – SIGMA and SIGMAC

22:13 – Red Team Tool : Responder

25:35 – Red Team Tool : CrackMapExec

29:57 – Red Team Tool : DomainPasswordSpray

38:48 – Red Team Tool : Mimikatz

46:41 – Red Team Tool : BloodHound

50:59 – Blue Team Tool : Plumbhoud

58:38 – Final Thoughts