7MS #617: Tales of Pentest Pwnage – Part 55
7 Minute Security29 Maalis 2024

7MS #617: Tales of Pentest Pwnage – Part 55

Hey friends, today we’ve got a tale of pentest pwnage that covers:

  • Passwords – make sure to look for patterns such as keyboard walks, as well as people who are picking passwords where the month the password changed is part of the password (say that five times fast)!
  • Making sure you go after cached credentials
  • Attacking SCCM – Misconfiguration Manager is an absolute gem to read, and The First Cred is the Deepest – Part 2 with Gabriel Prud’homme is an absolute gem to see. Also, check out sccmhunter for all your SCCM pwnage needs.

Kokeile Premiumia

Nauti 14 päivää ilmaiseksi

Kokeile ilmaiseksiArrow Right

Jaksot(684)

7MS #669: What I’m Working on This Week – Part 3

7MS #669: What I’m Working on This Week – Part 3

Hi friends, in this edition of what I’m working on this week: 3 pulse-pounding pentests that had…problems Something I’m calling the unshadow/reshadow credentials attack Heads-up on a new video experiment I’m going to try next week

4 Huhti 42min

7MS #668: Tales of Pentest Pwnage – Part 69

7MS #668: Tales of Pentest Pwnage – Part 69

Hola friends! Today’s tale of pentest pwnage talks about abusing Exchange and the Azure ADSync account! Links to the discussed things: adconnectdump – for all your ADSync account dumping needs! Adam Chester PowerShell script to dump MSOL service account dacledit.py (part of Impacket) to give myself full write privileges on the MSOL sync account: dacledit.py -action ‘write’ -rights ‘FullControl’ -principal lowpriv -target MSOL-SYNC-ACCOUNT -dc-ip 1.2.3.4 domain.com/EXCHANGEBOX$ -k -no-pass Looking to tighten up your Exchange permissions – check out this crazy detailed post

28 Maalis 30min

7MS #667: Pentesting GOAD SCCM - Part 2!

7MS #667: Pentesting GOAD SCCM - Part 2!

Hey friends, our good buddy Joe “The Machine” Skeen and I are back this week with part 2 (check out part 1!) tackling GOAD SCCM again!  Spoiler alert: this time we get DA!  YAY! Definitely check out these handy SCCM resources to help you – whether it be in the lab or IRL (in real life): GOAD SCCM walkthrough MisconfigurationManager – tremendous resource for enumerating/attacking/privesc-ing within SCCM This gist from Adam Chester will help you decrypt SCCM creds stored in SQL

21 Maalis 28min

7MS #666: Tales of Pentest Pwnage – Part 68

7MS #666: Tales of Pentest Pwnage – Part 68

Today we have a smattering of miscellaneous pentest tips to help you pwn all the stuff! Selective Snaffling with Snaffler The importance of having plenty of dropbox disk space – for redundant remote connectivity and PXE abuse! TGTs can be fun for SMB riffling, targeted Snaffling, netexec-ing and Evil-WinRMing!

14 Maalis 45min

7MS #665: What I'm Working on This Week - Part 2

7MS #665: What I'm Working on This Week - Part 2

Hello there friends, I’m doing another “what I’m working on this week” episode which includes: BPATTY v1.6 release – big/cool/new content to share here PWPUSH – this looks to be an awesome way (both paid and free) to securely share files and passwords

7 Maalis 28min

7MS #664: What I’m Working on This Week

7MS #664: What I’m Working on This Week

In today’s episode I talk about what I’m working on this week, including: Playing with Sliver C2 and pairing it with ShellcodePack Talking about Netexecer, my upcoming tool that helps automate some of the early/boring stuff in an internal pentest A gotcha to watch out for if utilizing netexec’s MSSQL upload/download functionality

28 Helmi 25min

7MS #663: Pentesting GOAD SCCM

7MS #663: Pentesting GOAD SCCM

Today we live-hack an SCCM server via GOAD SCCM using some attack guidance from Misconfiguration Manager!  Attacks include: Unauthenticated PXE attack PXE (with password) attack Relaying the machine account of the MECM box over to the SQL server to get local admin

21 Helmi 29min

7MS #662: Pentesting Potatoes - Part 2

7MS #662: Pentesting Potatoes - Part 2

Hi friends, today we're talking about pentesting potatoes (not really, but this episode is sort of a homage to episode 333 where I went to Boise to do a controls assessment and ended up doing an impromptu physical pentest and social engineer exercise).  I talk about what a blast I'm having hunting APTs in XINTRA LABS, and two cool tools I'm building with the help of Cursor: A wrapper for Netexec that quickly finds roastable users, machines without SMB signing, clients running Webclient and more. A sifter of Snaffler-captured files to zero in even closer on interesting things such as usernames and passwords in clear text.

14 Helmi 37min

Kaikki yhdessä sovelluksessa

Kuuntele kaikki suosikkipodcastisi ja -äänikirjasi yhdessä paikassa.

Sinulle valikoitua sisältöä

Podme-sovelluksessa kokoat suosikkisi helposti omaan kirjastoosi. Saat meiltä myös kuuntelusuosituksia!

Jatka kuuntelua koska tahansa

Voit jatkaa siitä mihin jäit, myös offline-tilassa.

Premium

9,99 €/kk

  • Kaikki premium-podcastit
  • Ei mainoksia
  • Ei sitoutumista, peruuta koska tahansa

Premium

13,99 €/kk

  • Kaikki premium-podcastit
  • Ei mainoksia
  • Ei sitoutumista, peruuta koska tahansa
  • Yksi lisäkäyttäjä

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
aikalisa
ootsa-kuullut-tasta-2
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
politiikan-puskaradio
rss-vaalirankkurit-podcast
aihe
rikosmyytit
the-ulkopolitist
rss-kovin-paikka
linda-maria
rss-mina-ukkola
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
radio-antro
rss-aijat-hopottaa-podcast
rss-kaikki-uusiksi
rss-hyvaa-huomenta-bryssel
rss-raha-talous-ja-politiikka
rss-kyselytunti

Tarinat ja äänet, joita rakastat kuunnella

Kuuntele kaikki suosikkipodcastisi ja -äänikirjasi

Lue lisääArrow Right