Join us in the Black Hills InfoSec Discord server here: to keep the security conversation going! Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services -- 00:00 - Preshow Announcements 02:26 - LaBrea Tar Pits and ARP Cache Poisoning and how "eavesarp" basically works. 08:49 - A Note on Admins... 14:15 - Demo of "eavesarp" against a Stale Network Address Configuration (SNAC) attack. 28:45 - Q&A Blog post on "eavesarp" by Justin Angel: When you are on a pentest (or an internal assessment) there are a large number of different techniques that you can use from an unprivileged workstation to move laterally, get hashes and/or attack services. Attacks techniques taking advantage of protocols and misconfigurations like LLMNR, GPP, mDNS and WPAD are now commonplace in any attack toolbox. But what if those don't work? Is there anything else in this category of attacks that can help you to easily gain access to other systems? Justin Angel has just written a tool we would like to share with the community that will answer these questions -- Eavesarp. In this webcast, we talk about an oldish defensive technique that attackers can use to further access on the inside of a network. We know, we are being very coy with telling you exactly what the issue is. But, it is really cool. Trust us. We released a new tool and building on some existing research to bring another tool to the LLMNR, WPAD and mDNS attack toolbox -- Eavesarp. And yes, we will be offering some tips on defending against these attacks as well. Download slides: Download eavesarp: Black Hills Infosec Socials Twitter: Mastodon: @blackhillsinfosec LinkedIn: Discord: Black Hills Infosec Shirts & Hoodies Black Hills Infosec Services Active SOC: Penetration Testing: Incident Response: Backdoors & Breaches - Incident Response Card Game Backdoors & Breaches: Play B&B Online: Antisyphon Training Pay What You Can: Live Training: On Demand Training: Educational Infosec Content Black Hills Infosec Blogs: Wild West Hackin' Fest YouTube: Active Countermeasures YouTube: Antisyphon Training YouTube: Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: #bhis #infosec