Jumping from Tenable's SecurityCenter CV to production environments

Abstract

This talk will cover passive (extracting information on assets, users, passwords, private keys, etc.) and active (encrypted credentials) information gathering on a rooted server with installed Tenable’s SecurityCenter. Moreover, a method for lateral movement from DMZ to production environments using features of Nessus scanning will be demonstrated. It will help red teams to penetrate deeper into internal networks, especially into those containing highly valuable information, like cardholder data environments. From the blue team perspective, the demonstrated techniques will help better understand the risk of vulnerability scanners placed unattended in DMZ zones.

Dr. Oleksandr Kazymyrova fan of science

Jumping from Tenable's SecurityCenter CV to production environments

Abstract

Author

Oleksandr Kazymyrov

Dr. Oleksandr Kazymyrova fan of science

Abstract

Related Posts

Data Exfiltration and Prevention Techniques 27 Aug 2022

Vulnerability Management: Main Misunderstandings 22 Jun 2022

Time-Lapse in Industry: 5 Years in 40 minutes 25 Nov 2019

Author

Oleksandr Kazymyrov