The Cyber Threat Perspective
Episode 121: How We Evade Detection During Internal Pentests
Jan 24, 2025
Dive into the intriguing world of evasion in internal penetration testing. Discover how security professionals cleverly navigate detection systems using customized tools and obfuscation methods. Learn about adapting techniques to overcome modern security challenges, as well as the role of languages like PowerShell and C#. Explore advanced tactics like token duplication for lateral movement, emphasizing the need for better monitoring to catch subtle threats. This insightful discussion bridges the gap between offensive strategies and defensive measures in cybersecurity.
40:44
AI Summary
AI Chapters
Episode notes
Podcast summary created with Snipd AI
Quick takeaways
- Understanding evasion techniques helps defenders strengthen security measures against sophisticated threats, elevating their preparedness in a dynamic landscape.
- The use of trusted tools and modified binaries by pen testers highlights innovative strategies to blend into network operations while simulating real threats.
Deep dives
Understanding Evasion in Internal Pen Testing
Evasion is a crucial aspect of internal penetration testing, as it enables pen testers to avoid detection while exploring vulnerabilities within a network. The conversation highlights the need for defenders to grasp various evasion techniques used by threat actors to better prepare their defenses. By understanding common methods of evasion, cybersecurity professionals can engage in more informed discussions about security products and what to expect from penetration tests. The podcast emphasizes the importance of these discussions, which are often overlooked in IT circles, despite their significance in the field of offensive security.
Remember Everything You Learn from Podcasts
Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.
