Valsmith and I took the stage at Black Hat yesterday to deliver a 150-minute presentation on what we call "Tactical Exploitation". The talk was aimed at penetration testers who find themselves limited in what they can exploit due to artificial constraints placed on their scope.
The first half of the talk focused on lesser-known discovery and fingerprinting tools. Third-party services, such as DomainTools.com and the web interface to Paterva's Evolution product, were discussed. The first half ended with some examples of real-life service fingerprinting, including a graph of traffic activity for a particular web site.
The second half of the talk covered a wide range of topics, from entry points into the external network to the issues caused by using NAS devices as file servers. This led into a discussion of NTLM hijacking, NFS tricks, abuse of the OpenSSH master mode, and a demo of stealing Kerberos tickets. More information about these particular attacks and tools will be posted after the Defcon conference.
An updated copy of our slide deck can be found on the Conferences page of the Metasploit website.
We will be giving this talk again, in a condensed format (50 minutes) on Friday, at Defcon, between 16:00 and 16:50 in