7MS #405: Tales of Internal Pentest Pwnage - Part 16
7 Minute Security12 Maalis 2020

7MS #405: Tales of Internal Pentest Pwnage - Part 16

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

Today's episode of pentest pwnage is the (hopefully) exciting conclusion to this episode. Last we left this pentest, we ran into some excellent blue team defenses, including:

  • MFA on internal servers (which we bypassed)
  • Strong passwords
  • Limited vulnerable protocols (LLMNR/Netbios/etc) available to abuse for cred-capturing
  • Servers that were heavily firewalled off from talking SMB to just any ol' subnet nor the Interwebs (here's a great video on how to fine-tune your software firewall chops)

In today's episode we talk about:

  • How maybe it's not a good idea to make computer go completely "shields down" during pentests

  • Being careful not to fat-finger anything when you spawn cmd.exe with creds, like

runas /netonly /user:samplecompany\billybob "C:\windows\system32\cmd.exe"

  • Being careful not to fat-finger anything when using CrackMapExec

  • How fundamental and really effective blue team controls (such as the ones mentioned above) can really make pentesting a headache!

  • How you should be careful when spawning shells with MultiRelay (part of Responder is it creates new services on your victim machine

Has the 7MS podcast helped you in your IT and security career? Please consider supporting us!

Jaksot(714)

7MS #337: Happy Secure Thanksgiving

7MS #337: Happy Secure Thanksgiving

Happy Thanksgiving! In this episode I: Share some things I'm thankful for - like you! Talk about a fun episode I'm working on that has some SIEMple tests you can use to test your SIEM (omg see what I...

21 Marras 201827min

7MS #336: How to Succeed in Business Without Really Crying - Part 6

7MS #336: How to Succeed in Business Without Really Crying - Part 6

Welcome to part 6 of our miniseries all about the ups, downs, trials and tribulations of being a small, one-person security start up. In this episode I detail out all the software/services I use to ru...

14 Marras 201823min

7MS #335: Cool Stuff I Just Learned From Red Teamers

7MS #335: Cool Stuff I Just Learned From Red Teamers

Today I'm excited to brain-dump a bunch of cool stuff I learned at a red team conference called ArcticCon this week. Although this conference observes the Chatham house rule I'm just going to talk abo...

8 Marras 201813min

7MS #334: IT Security Horrors That Keep You Up at Night

7MS #334: IT Security Horrors That Keep You Up at Night

This week I got to celebrate Halloween with my friends at Netwrix by co-hosting a Webinar called IT Security Horrors That Keep You Up at Night. The content was a modified version of the Blue Team on a...

1 Marras 201823min

7MS #333: Pentesting Potatoes

7MS #333: Pentesting Potatoes

This week I was in lovely Boise, Idaho doing some security assessment work. While I was there I got to hang out with Paul Wilch and some of the Project7 crew and picked up a lot of cool tools and tips...

26 Loka 201813min

7MS #332: Low Hanging Hacker Fruit

7MS #332: Low Hanging Hacker Fruit

In this episode I'm releasing a new document aimed to help organizations eliminate low hanging hacker fruit from the environment. The document contains (relatively) cheap and (relatively) easy things ...

17 Loka 20188min

7MS #331: How to Become a Packtpub Author - Part 3

7MS #331: How to Become a Packtpub Author - Part 3

It's done! It's done!! It's DONE!!! That's right mom, my PacktPub course called Mastering Kali Linux Network Scanning is done! In today's episode I: Recap the course authoring experience Explain m...

10 Loka 20187min

7MS #330: Interview with Nathan Hunstad of Code42

7MS #330: Interview with Nathan Hunstad of Code42

In today's episode, I'm excited to be joined in the studio by Nathan Hunstad, Director of Security at Code42. Nathan and I had a great chat about Code42's new security offering called Code42 Forensic ...

3 Loka 201852min

Suosittua kategoriassa Politiikka ja uutiset

uutiscast
aikalisa
politiikan-puskaradio
ootsa-kuullut-tasta-2
rss-ootsa-kuullut-tasta
tervo-halme
rss-podme-livebox
rss-vaalirankkurit-podcast
otetaan-yhdet
the-ulkopolitist
et-sa-noin-voi-sanoo-esittaa
rss-asiastudio
aihe
rikosmyytit
rss-merja-mahkan-rahat
rss-kaikki-uusiksi
rss-hyvaa-huomenta-bryssel
rss-vain-talouselamaa
rss-polikulaari-pitka-kiekko-ja-muut-ts-podcastit
rss-raha-talous-ja-politiikka