Credential Access with LaZagne

Focused View

Gavin Johnson-Lynn

21:15

71 View

Exercise Files

credential-access-lazagne.zip

Module 1 - Course Overview

1. Course Overview.mp4

01:16

Module 2 - Extracting Credentials with LaZagne

1. Understanding LaZagne.mp4

07:07

2. Installing and Compiling LaZagne.mp4

03:23

3. Gathering Credentials from Web Browsers.mp4

02:43

4. Gathering Credentials from Files.mp4

02:08

5. Gathering All of the Passwords.mp4

02:34

Module 3 - Resources

1. Additional Resources.mp4

02:04

Description

In this course, you will learn privilege escalation using LaZagne, a post-exploitation tool used to recover credentials from a system.

What You'll Learn?

After initial access to a system, the next goal is typically to elevate privileges and exploit further systems. LaZagne retrieves credentials from a wide variety of operating system and software sources that help to do just that. In this course, Credential Access with LaZagne, you’ll learn how to utilize LaZagne to escalate privileges in a red team environment. First, you’ll explore getting credentials stored in browsers, one of the key features of LaZagne. Next, you’ll see how to get credentials from some of the many other programs that store them on a system. Finally, you’ll learn how to get LaZagne to extract as many credentials as it can find from a system, along with how to store them in a file for easy automation. When you’re finished with this course, you’ll have the skills and knowledge to execute these techniques: Credentials from Password Stores: Credentials from Web Browsers (T1555.003) and Unsecured Credentials: Credentials In Files (T1552.001) using LaZagne. Knowing how these techniques can be used against you will ultimately lend to your ability as an organization, or an individual, to detect and defend against specific attack vectors.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Penetration Testing

Network Security

Gavin Johnson-Lynn

Instructor's Courses

Gavin has 20 years’ experience writing software in regulated environments and for global organisations. The last five years of his development career were spent with a focus on security, becoming the security lead for a significant payments project at a FTSE 100 company. He has experience with languages from COBOL to .Net and now often finds those skills useful when developing with Python. Gavin's experience of software security revealed a passion for security, leading him to become a speaker and blogger on the subject. Gavin holds the Certified Secure Software Lifecycle Professional (CSSLP) and Scrum Master certifications and is currently part of an offensive security team, using his defensive knowledge to aid offensive security work.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.