blacky said:
Here's a methodology you might consider after gaining access to VPNs:
Initial Reconnaissance:
Gather information about the network infrastructure, systems, and services available.
Identify potential targets of interest within the network.
Privilege Escalation:
Exploit vulnerabilities in systems to escalate privileges and gain higher levels of access.
Look for misconfigurations, weak passwords, or known exploits to escalate privileges.
Lateral Movement:
Move laterally within the network to explore and access other systems (read about MITRE and try implementing them).
Exploit trust relationships between systems to expand your foothold.
Regarding networking with other pentesters and potentially joining a team:
ChatGPT ass reply
For the poster -
Evading AV/EDR can be extremely simple, or extremely hard. You have access to 25-30 VPNs; it seems like you've got a pretty good method for getting access. It should be okay for you to fail a little bit. Try some shit out. Get some experience in what works and what doesn't.
Look into how EDRs work. Look at Elastic EDR's public detection rules and other public detection rules. They outline what specific actions trigger an alert. They won't cover absolutely everything but should give you a solid grasp. For exfiltrating data in an EDR-protected environment, you may be able to do so by utilizing services already in use in that organization. For example, if they use Microsoft OneDrive for cloud storage, you can exfiltrate the data to a OneDrive server, which would make the network traffic look less suspicious.
Look into AV/EDR kill scripts. Every once in a while someone releases an EDR killer script that uses a vulnerable driver to kill whatever AV/EDR is running. You can also make one yourself which would likely give you better results.
You're also gonna need to make a tool that automatically searches for and retrieves sensitive information. A good place to start is just automatically pulling all .txt, images, .pdf, .doc, .excel, powerpoint, .sql, .git, etc. You can also create regexes that search for specific types of info.
For example, you can create a regex that looks for a 16-digit string, which could be a credit card. You can go even further and include stuff like the first number being 4 for Visa and 5 for Mastercard. Here is the format (in Python):
Python:
pattern = r"(?P<format1>\d{4}-\d{4}-\d{4}-\d{4})|(?P<format2>\d{16})"
The networking aspect is going to be difficult. Very few, if any, experienced people are going to just be willing to take on a new guy and teach him their secret sauce. Most of these groups hang out on Telegram or IRC chats that are private and gatekept. You'll have more luck if you bring something to offer (which you do; you seem to be good at getting initial access). You can start by offering to sell the credentials to the VPN. People who know what they're doing after the initial access will be the ones buying from you. You can make long-term relationships through that and offer your best customers a partnership of some sort.
Good luck.
Last edited: 22.03.2024