Tool Shed Demo: Token Tactics: A Tactical Usage Demo | Steve Borosh | WWHF 2023 | allinfosecnews.com

April 27, 2024, 1 p.m. | Wild West Hackin' Fest

Wild West Hackin' Fest www.youtube.com

🔗 Join us in-person and virtually at our Wild West Hackin' Fest Information security conferences — https://wildwesthackinfest.com/

In this demo, BHIS's Steve Borosh will walk you through how an offensive operator may utilize this attack flow beginning with the initial phish, to accessing sensitive files on “restricted” SharePoint sites, and some detections and remediations along the way.

///Black Hills Infosec Socials
Twitter: https://twitter.com/BHinfoSecurity
Mastodon: https://infosec.exchange/@blackhillsinfosec
LinkedIn: https://www.linkedin.com/company/antisyphon-training
Discord: https://discord.gg/ffzdt3WUDe

///Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections

///Black Hills Infosec Services …

amp attack backdoors breaches demo detections files flow hills hoodies incident incident response infosec may offensive phish response restricted sensitive services sharepoint steve

More from www.youtube.com / Wild West Hackin' Fest

Demystifying Design: Making Infosec Look Good | Caitlin Cash | WWHF 2023 1 day, 21 hours ago | www.youtube.com

can communication design easier +15

Exfiltrate and Command Network Nodes Like a Ghost! | Momen Eldawakhly | WWHF 2023 2 days, 21 hours ago | www.youtube.com

attackers basic can check +15

JS-Tap: Weaponizing JavaScript for Red Teams | Drew Kirkpatrick | WWHF 2023 3 days, 21 hours ago | www.youtube.com

applications beyond challenges custom +14

The Terminator Effect: AI's Role in Fighting Cyber Threats | James McQuiggan | WWHF 2023 4 days, 21 hours ago | www.youtube.com

accountability ai models architectures collaboration +28

Hacking Azure AD Identities Nestori Syynimaa | WWHF 2023 5 days, 21 hours ago | www.youtube.com

access access management azure azure ad +23

AD (Addie) and DNS (Dennis): A Match Made in Heck | Jim Sykora & Jake … 6 days, 21 hours ago | www.youtube.com

access active directory authentication computer +16

DevSecOps Worst Practices | Tanya Janca | WWHF 2023 1 week ago | www.youtube.com

best practices devops false positives pipeline +1

That Shouldn't Have Worked – An Intro to Evading AV/EDR | Corey Overstreet | WWHF … 1 week, 1 day ago | www.youtube.com

application attackers attacks change +10

Large Language Models: Disinformation and the Future of Work | Heather Lawrence | WWHF 2023 1 week, 2 days ago | www.youtube.com

campaigns computer computer security deal +13

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Senior - Penetration Tester

@ Deloitte | Madrid, España

View on infosec-jobs.com

Associate Cyber Incident Responder

@ Highmark Health | PA, Working at Home - Pennsylvania

View on infosec-jobs.com

Senior Insider Threat Analyst

@ IT Concepts Inc. | Woodlawn, Maryland, United States

View on infosec-jobs.com