How to attack when LLMNR, mDNS, and WPAD attacks fail - Eavesarp (Tool Overview)

  • Published: 27 Aug 2024

Comments • 9

  • @evansyoutubehandle
    @evansyoutubehandle 5 years ago +4

    Literally on an engagement and this is happening. Thanks BHIS!

    • @BlackHillsInformationSecurity
      @BlackHillsInformationSecurity 5 years ago +1

      That's Awesome!! Thanks for letting us know. Hope it goes well.

    • @evansyoutubehandle
      @evansyoutubehandle 5 years ago

      @@BlackHillsInformationSecurity I'm seeing a lot of stale ARP from the switch gateway. I can't nail it down but I'm suspecting it might be devices outside my VLAN trying to talk to stale addresses? I'm not a networking expert unfortunately but I am learning. Any other thoughts why that might be / if it's something I should pursue?

    • @justinangel86
      @justinangel86 5 years ago +1

      Nice! Let us know if you get some sweet traffic by sploiting those SNACs!

    • @justinangel86
      @justinangel86 5 years ago +1

      @@evansyoutubehandle if the target is stale, then a host from a different subnet could potentially be trying to resolve it. If the target is actually stale and on your subnet, I recommend aliasing your interface to assume that IP.
      The -ar flag in eavesarp should confirm if a given target is stale.

    • @evansyoutubehandle
      @evansyoutubehandle 5 years ago +1

      @@justinangel86 thanks!
      I was able to assume the IP. I tried several and the most interesting thing I got was SNMP requests to what used to be a printer, but I'm definitely interested in trying this out more in the future! It's like opening a gift every time. You don't know what it is, but it could be domain admin!
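As an added example (not from the video, the eavesarp project, or any commenter), the check discussed in the thread above, written from a network administrator's side: given ARP traffic in tcpdump's text format, it reports addresses that hosts keep asking for but that never answer, which is the sign of a stale entry worth cleaning up. The log lines and IP addresses are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style ARP lines (not a real capture). tcpdump prints
# "Request who-has <target> tell <sender>" and "Reply <sender> is-at <mac>".
SAMPLE_LOG = """\
12:00:01.000 ARP, Request who-has 10.0.5.1 tell 10.0.5.11, length 28
12:00:01.001 ARP, Reply 10.0.5.1 is-at 02:00:00:00:00:01, length 28
12:00:02.000 ARP, Request who-has 10.0.5.200 tell 10.0.5.11, length 28
12:00:03.000 ARP, Request who-has 10.0.5.200 tell 10.0.5.11, length 28
12:00:04.000 ARP, Request who-has 10.0.5.200 tell 10.0.5.42, length 28
12:00:05.000 ARP, Request who-has 10.0.5.1 tell 10.0.5.42, length 28
12:00:05.001 ARP, Reply 10.0.5.1 is-at 02:00:00:00:00:01, length 28
"""

REQ = re.compile(r"Request who-has (\S+) tell (\S+),")
REP = re.compile(r"Reply (\S+) is-at ")


def parse_arp(log):
    """Yield (op, sender_ip, target_ip) tuples; replies carry target=None."""
    for line in log.splitlines():
        m = REQ.search(line)
        if m:
            yield ("request", m.group(2), m.group(1))
            continue
        m = REP.search(line)
        if m:
            yield ("reply", m.group(1), None)


def find_stale_targets(records, min_requests=2):
    """Return {target: {"requests": n, "requesters": [...]}} for addresses
    requested at least min_requests times that never sent a reply."""
    counts = defaultdict(int)
    requesters = defaultdict(set)
    answered = set()
    for op, sender, target in records:
        if op == "request":
            counts[target] += 1
            requesters[target].add(sender)
        else:
            answered.add(sender)  # a host replying from this IP is alive
    return {
        t: {"requests": counts[t], "requesters": sorted(requesters[t])}
        for t in counts
        if t not in answered and counts[t] >= min_requests
    }


if __name__ == "__main__":
    for target, info in find_stale_targets(parse_arp(SAMPLE_LOG)).items():
        print(f"{target}: {info['requests']} unanswered requests from {info['requesters']}")
```

ARP requests are broadcast, but replies are unicast, so a capture taken from an ordinary switch port sees only replies addressed to the capturing host; treat a hit as a lead to confirm (the thread mentions eavesarp's -ar flag for that) rather than proof that the address is unused.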

  • @ahmedtah3551
    @ahmedtah3551 5 years ago

    First, let me thank you and tell you that BHI is one of the best YouTube channels. Second, can I use LLMNR remotely, like in a Meterpreter session?

    • @justinangel86
      @justinangel86 5 years ago +1

      Generally, LLMNR will be limited only to a broadcast domain (AFAIK).

    • @ahmedtah3551
      @ahmedtah3551 5 years ago

      Maybe redirect traffic through a tunnel, just thinking out loud.