7MS #610: DIY Pentest Dropbox Tips – Part 9
7 Minute Security9 Helmi 2024

7MS #610: DIY Pentest Dropbox Tips – Part 9

Hey friends, today we cover a funstrating (that's fun + frustrating) issue we had with our DIY pentest dropboxes. TLDL:

  • The preseed file got jacked because I had a bad Kali metapackage in it.
  • While I was tinkering around with preseed files, I decided it would be more efficient to have the Kali ISO call that preseed file directly over HTTP (rather than make a new ISO every time I made a preseed change). To accomplish that:
    • Mount the Kali ISO
    • Explore to isolinux > txt.cfg
    • Modify the txt.cfg to include a custom boot option that calls your preseed over HTTP. For example:
label install menu label ^Install Yermaum kernel /install.amd/vmlinuz append net.ifnames=0 preseed/url=https://somewebsite/kali.preseed locale=en_US keymap=us hostname=kali777 domain=7min.sec simple-cdd/profiles=kali desktop=xfce vga=788 initrd=/install.amd/initrd.gz --- quiet

Jaksot(713)

7MS #9: Information Security for the Whole Family (audio)

7MS #9: Information Security for the Whole Family (audio)

In this episode I talk about how being an infosec guy has ruined my family's life (well, not really) Download: Episode 9: Information Security for the Whole Family (audio) Show notes: To keep peace in...

29 Maalis 20147min

7MS #8: CISSP – Is That the Cert for Me? (audio)

7MS #8: CISSP – Is That the Cert for Me? (audio)

In this episode I talk about my experience prepping for the CISSP exam. Download: Episode 8: CISSP – Is That the Cert for Me? (audio) Show notes: I used this book as my primary study tool. It comes wi...

22 Maalis 20147min

7MS #7: External Vulnerabilities that Byte (audio)

7MS #7: External Vulnerabilities that Byte (audio)

Episode lucky #7!!! In this episode I talk about external network vulnerabilities that we see in many of our assessments – some of which are pretty easy to clear up. Download: Episode 7: External Vuln...

15 Maalis 20147min

7MS #6: Fun Firewall Rules – part 2 (audio)

7MS #6: Fun Firewall Rules – part 2 (audio)

In this episode I continue talking about some basic firewall rules that many organizations don't have in place. Download: Episode 6: Fun Firewall Rules – part 2 (audio) Show notes: Limit outbound DNS ...

8 Maalis 20147min

7MS #5: Fun Firewall Rules – part 1 (audio)

7MS #5: Fun Firewall Rules – part 1 (audio)

In this episode I talk about some basic firewall rules that many organizations don't have in place. Download: Episode 5: Fun Firewall Rules – part 1 (audio) Show notes: Block outbound port TCP 25 for ...

1 Maalis 20147min

7MS #4: Patch Strategies: Part Deux (audio)

7MS #4: Patch Strategies: Part Deux (audio)

In this episode I continue talking about some dos and donts of patch strategies – this time talking about enterprise level gear. Download: Episode 4: Patch Strategies: Part Deux (audio) Show notes: Th...

22 Helmi 20146min

7MS #3: Patch Strategies: Part 1 (audio)

7MS #3: Patch Strategies: Part 1 (audio)

In this episode I talk about some trends (and problems) we're seeing on the patching front – specifically OS and third-party apps. Download: Episode 3: Patch Strategies: Part 1 (audio) Show notes: Mos...

13 Helmi 20147min

7MS #2: The Importance of Logging and Alerting! (audio)

7MS #2: The Importance of Logging and Alerting! (audio)

In this episode I talk about how a client of ours learned a hard lesson: that the lack of logging/alerting makes for a pretty miserable investigation after they were breached. Download: Episode 2: The...

1 Helmi 20147min

Suosittua kategoriassa Politiikka ja uutiset

uutiscast
aikalisa
ootsa-kuullut-tasta-2
politiikan-puskaradio
rss-ootsa-kuullut-tasta
tervo-halme
rss-vaalirankkurit-podcast
viisupodi
rss-podme-livebox
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
rss-asiastudio
linda-maria
the-ulkopolitist
rss-raha-talous-ja-politiikka
rss-girls-finish-f1rst
rikosmyytit
rss-kaikki-uusiksi
io-techin-tekniikkapodcast
rss-vain-talouselamaa