Thanks for the help everyone! Ultimately I'm pretty sure I'd need to use ARP poisoning, which is definitely out of scope as this isn't a sanctioned exercise. Alternately from an insider threat perspective I could capture traffic on the insecure servers, but I'm gonna call that out of scope for now as well.

Pleasantly surprised to find the problem isn't quite as bad as I expected, but still not great.

@Miller_Geek the problem isn’t as bad since switched networks came in. Wi-Fi is still problematic. The issue is that attackers can pop up in unpredictable locations - say on a server - and capture passwords. Now, someone that can do that already has enough access to cause major problems, but the name of the game lately is blending in, and stealing legit creds is a common tactic.
@Miller_Geek OTOH, I have worked on a lot of breaches and I can’t recall any where the adversary stole unencrypted creds.
@jerry I can see several attack vectors with some of the bad practices going on here, but nothing I'd be comfortable exploiting without establishing rules of engagement with the company.