7MS #371: Tales of Internal Pentest Pwnage - Part 4
7 Minute Security12 Heinä 2019

7MS #371: Tales of Internal Pentest Pwnage - Part 4

Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://pro.tv/7minute

Happy belated 4th of July! Today I've got another fun tale of internal pentest pwnage that comes out of a few recent assessments I did. These tests were really fun because the clients had good defensive measures in place, such as:

  • Having separate accounts for day-to-day operations and administrative/privileged tasks
  • Local Administrator account largely disabled across the enterprise
  • Lean membership in privileged groups (Domain Admins, Enterprise Admins, Schema Admins, etc.)
  • Hard-to-crack passwords!

Will I succeed in getting a solid foothold on this network and (hopefully) escalate to Domain Admin? Check out today's episode to find out!

Kokeile Premiumia

Nauti 14 päivää ilmaiseksi

Kokeile ilmaiseksiArrow Right

Jaksot(687)

7MS #688: Building a Pentest Training Course Is Fun and Frustrating

7MS #688: Building a Pentest Training Course Is Fun and Frustrating

Today I talk about a subject I love while also driving me crazy at the same time: building a pentest training course! Specifically, I dissect a fun/frustrating GPO attack that I need to build very carefully so that every student can pwn it while also not breaking the domain for everybody else. I also talk about how three different flavors of AI failed me in solving a simple task.

16 Elo 22min

7MS #687: A Peek into the 7MS Mail Bag – Part 5

7MS #687: A Peek into the 7MS Mail Bag – Part 5

Hi friends, we’re doing something today we haven’t done in a hot minute: take a dip into the 7MinSec mail bag! Today we cover these questions: If I’m starting a solo business venture as a security consultancy, is it a good idea to join forces with other solo security business owners and form a consortium of sorts? Have you ever had anything go catastrophically wrong during a pentest?  Yes, and this is an important link in the story: https://github.com/fortra/impacket/issues/1436 What ever happened with the annoying apartment neighbor who stomped around like a rhino when you made any noise during COVID? What happened to the “difficult family situation” you vaguely talked about a few months ago that involved police and lawyers – did that ever get resolved?

11 Elo 57min

7MS #686: Our New Pentest Training Course is Almost Ready

7MS #686: Our New Pentest Training Course is Almost Ready

Oh man, I’m so excited I can hardly sleep. Our new three-day (4 hours per day) training is getting closer to general release. I talk about the good/bad/ugly of putting together an attack-sensitive lab that students can abuse (but hopefully not break!), and the technical/curriculum-writing challenges that go along with it.

1 Elo 23min

7MS #685: The Time My Neighbor Almost Got Scammed Out of $13K

7MS #685: The Time My Neighbor Almost Got Scammed Out of $13K

Today’s kind of a “story time with your friend Brian” episode: a tale of how my neighbor almost got scammed out of $13k.  The story has a lot of red flags we can all keep in mind to keep ourselves (as well as kids/friends/parents/etc.) safer from these types of shenanigans.

25 Heinä 22min

7MS #684: Pwning Ninja Hacker Academy

7MS #684: Pwning Ninja Hacker Academy

Hey friends, today we start pwning Ninja Hacker Academy – cool CTF-style lab that has you start with no cred and try to conquer domain admin on two domains!

18 Heinä 22min

7MS #683: What I'm Working on This Week - Part 4

7MS #683: What I'm Working on This Week - Part 4

This week I’m working on a mixed bag of fun security and marketing things: A pentest I’m stuck on My latest lab CTF obsession: Ninja Hacker Academy A cool “about 7MinSec” marketing video that was recorded in a pro studio!

12 Heinä 30min

7MS #682: Securing Your Family During and After a Disaster – Part 7

7MS #682: Securing Your Family During and After a Disaster – Part 7

Today’s episode is a downer! We talk about things you might want to have buttoned up for when you are eventually not alive anymore: Living will Buried vs. cremated? Funeral plans Funeral PHOTOS? I also talk about how my dad broke his ribs while trying to break a chimpmunk, and how a freak 4-wheeler accident also had my ribs in agony.

4 Heinä 30min

7MS #681: Pentesting GOAD – Part 3

7MS #681: Pentesting GOAD – Part 3

Today Joe “The Machine” Skeen and I pwn the third and final realm in the world of GOAD (Game of Active Directory): essos.local!  The way we go about it is to do a WinRM connection to our previously-pwned Kingslanding domain, coerce authentication out of MEEREEN (the DC for essos.local) and then capture/abuse the TGT with Rubeus!  Enjoy.

27 Kesä 18min

Kaikki yhdessä sovelluksessa

Kuuntele kaikki suosikkipodcastisi ja -äänikirjasi yhdessä paikassa.

Sinulle valikoitua sisältöä

Podme-sovelluksessa kokoat suosikkisi helposti omaan kirjastoosi. Saat meiltä myös kuuntelusuosituksia!

Jatka kuuntelua koska tahansa

Voit jatkaa siitä mihin jäit, myös offline-tilassa.

Premium

9,99 €/kk

  • Kaikki premium-podcastit
  • Ei mainoksia
  • Ei sitoutumista, peruuta koska tahansa

Premium

13,99 €/kk

  • Kaikki premium-podcastit
  • Ei mainoksia
  • Ei sitoutumista, peruuta koska tahansa
  • Yksi lisäkäyttäjä

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
aikalisa
ootsa-kuullut-tasta-2
politiikan-puskaradio
otetaan-yhdet
rss-vaalirankkurit-podcast
aihe
et-sa-noin-voi-sanoo-esittaa
rss-sinivalkoinen-islam
rss-raha-talous-ja-politiikka
the-ulkopolitist
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
rikosmyytit
politbyroo
linda-maria
rss-kaikki-uusiksi
rss-merja-mahkan-rahat
radio-antro
rss-agility-unite-podcast
rss-etusivu

Tarinat ja äänet, joita rakastat kuunnella

Kuuntele kaikki suosikkipodcastisi ja -äänikirjasi

Lue lisääArrow Right