Offensive security

Living off the land and why it’s so hard to pick up good hackers

Posted on 2020-02-11 by Matt Strahan in Offensive security


A lazy Tuesday

“I need a list of high value clients for our board meeting tomorrow. Get it to me so I can review it and practice tonight.”

As much as she’d like everyone to submit tickets over the fancy ITSM system the CIO paid for, when the CIO gives a direct request like that, Steph the sysadmin just has to follow. Luckily although it’s annoying to get this kind of request in the afternoon, it’s not particularly hard to fulfil.

Steph loads up Tableau. With SSO she doesn’t even need to sign in. She can make a custom report of the high value clients, plug in financials and client figures, and click export. The report, though, is a bit big so she can’t just send it over email. Instead, she knows the CIO can retrieve it over Office365, so she uses OneDrive and sends the CIO the link so he can download it when he’s at home.

She only has one more task. Someone in finance put in a ticket to reset their password. Steph logs into Active Directory, resets the password, and sends the info to finance. Done for the day, she packs up.

Continue reading