After initial access to a system, the next goal is typically to elevate privileges and exploit further systems. LaZagne retrieves credentials from a wide variety of operating system and software sources that help to do just that. In this course, Credential Access with LaZagne, you’ll learn how to utilize LaZagne to escalate privileges in a red team environment. First, you’ll explore getting credentials stored in browsers, one of the key features of LaZagne. Next, you’ll see how to get credentials from some of the many other programs that store them on a system. Finally, you’ll learn how to get LaZagne to extract as many credentials as it can find from a system, along with how to store them in a file for easy automation. When you’re finished with this course, you’ll have the skills and knowledge to execute these techniques: Credentials from Password Stores: Credentials from Web Browsers (T1555.003) and Unsecured Credentials: Credentials In Files (T1552.001) using LaZagne. Knowing how these techniques can be used against you will ultimately lend to your ability as an organization, or an individual, to detect and defend against specific attack vectors.
Author Name: Gavin Johnson-Lynn
Author Description:
Gavin has 20 years’ experience writing software in regulated environments and for global organisations. The last five years of his development career were spent with a focus on security, becoming the security lead for a significant payments project at a FTSE 100 company. He has experience with languages from COBOL to .Net and many languages in between. Gavin’s experience of secure development revealed a passion for security, leading him to become a speaker and blogger on the subject. He has held… more