5MCT - Movement After Initial Compromise
SleepZ3R0 and HA12TL3Y step forward to share some knowledge regarding what to do after an initial compromise. Initial access is typically obtained through phishing or physical attacks, such as a USB Rubber Ducky, which masquerades as a keyboard with payloads that are auto-typed on device connection. Initial recon once on a compromised system, lateral movement, port forwarding, tradecraft evasion, and tools in use at the time of the talk are discussed.