Offensive Security recently posted a 20 minute video at their blog in which they reconstructed a pentest they performed. It's an excellent video IMHO. Muts has again done a fantastic job and tried to explain every single step he took.

Penetration Testing in the real world. If you are tired of “Hacking with Netcat” webcasts or “Penetration Testing with RPC DCOM”, then this movie is for you. It’s a quick reconstruction of a Security Audit we preformed over a year ago, replicated in our labs. The video is under 20 minutes long, and highly edited – attacks rarely go as quickly and smoothly as this !

Check the video here:-
http://www.offensive-security.com/videos/penetration-testing-in-the-real-world/

That was a great video thanks for sharing.

I still need to find 20 minutes where I can sit down and watch it. 

Excellent demo and explanation for how they did it and the mindset they used to work into the environment. Some great work and clever thinking.

What I take from it, from the defense side, is that some simple, good practices would have stopped the attack in its tracks.

As an example, if the servers weren't allow outbound access to any locations, the tunneling would have failed. Simple controlled egress filters would have successful "saved" the target from being exploited in this way.

I dunno, but based on the detail that I've heard they have in the OSCP lab (I signed up, today, for the 60-day OSCP v3,) I'd bet they did it pretty quickly.  After all, if you KNOW what you exploited, it shouldn't be too hard to recreate, right? 

Thanks for sharing! downloading now and i will check it later. If it is a DCOM exploit it should be that hard to build it in a replica environment?

Sweet video! Thanks!

Hey,

@mtgarden: I have showed the video to the developers, managers and even a director where I work. I paused the video every  minute or so and explained in simple words what he was doing. It was very, very well received!!!

I will probably start demos and presentations during lunch time on topics such as "How to secure a wireless router", "SQL Injection", "How to code securely", etc...

Even if it wasn't my goal at all, it kind of put me on the map! 

I encourage you guys to do the same.