7MS #693: Pwning Ninja Hacker Academy – Part 3
7 Minute Security19 Syys 2025

7MS #693: Pwning Ninja Hacker Academy – Part 3

This week your pal and mine Joe "The Machine" Skeen kept picking away at pwning Ninja Hacker Academy. To review where we've been in parts 1 and 2:

  • We found a SQL injection on a box called SQL, got a privileged Sliver beacon on it, and dumped mimikatz info
  • From that dump, we used the SQL box hash to do a BloodHound run, which revealed that we had excessive permissions over the Computers OU
  • We useddacledit.py to give ourselves too much permission on the Computers OU

Today we:

  • Did an RBCD attack against the WEB box
  • Requested a service ticket to give us local admin superpowers on WEB
  • Performed a secretsdump against WEB
  • Struggled to do a mimikatz dump at the end of the episode (after we ended the stream I realized I could've just done the mimikatz dump because I had local admin access! Oh well, we'll pick things up again during part 4 next month!)

Jaksot(715)

7MS #11: Overtraining your iPhone Touch ID (video)

7MS #11: Overtraining your iPhone Touch ID (video)

In this episode I totally throw my subscribers for a loop and do a VIDEO podcast about overtraining your Touch ID on your iPhone. Download: 7MS #11: Overtraining your iPhone Touch ID (video) Show note...

12 Huhti 20143min

7MS #10: Information Security for the Whole Family – part 2 (audio)

7MS #10: Information Security for the Whole Family – part 2 (audio)

In this episode I talk more about some infosec-y things I'm doing on the home front to nurture a security culture (if you will) with my wife and kids. Download: Episode 10: Information Security for th...

5 Huhti 20147min

7MS #9: Information Security for the Whole Family (audio)

7MS #9: Information Security for the Whole Family (audio)

In this episode I talk about how being an infosec guy has ruined my family's life (well, not really) Download: Episode 9: Information Security for the Whole Family (audio) Show notes: To keep peace in...

29 Maalis 20147min

7MS #8: CISSP – Is That the Cert for Me? (audio)

7MS #8: CISSP – Is That the Cert for Me? (audio)

In this episode I talk about my experience prepping for the CISSP exam. Download: Episode 8: CISSP – Is That the Cert for Me? (audio) Show notes: I used this book as my primary study tool. It comes wi...

22 Maalis 20147min

7MS #7: External Vulnerabilities that Byte (audio)

7MS #7: External Vulnerabilities that Byte (audio)

Episode lucky #7!!! In this episode I talk about external network vulnerabilities that we see in many of our assessments – some of which are pretty easy to clear up. Download: Episode 7: External Vuln...

15 Maalis 20147min

7MS #6: Fun Firewall Rules – part 2 (audio)

7MS #6: Fun Firewall Rules – part 2 (audio)

In this episode I continue talking about some basic firewall rules that many organizations don't have in place. Download: Episode 6: Fun Firewall Rules – part 2 (audio) Show notes: Limit outbound DNS ...

8 Maalis 20147min

7MS #5: Fun Firewall Rules – part 1 (audio)

7MS #5: Fun Firewall Rules – part 1 (audio)

In this episode I talk about some basic firewall rules that many organizations don't have in place. Download: Episode 5: Fun Firewall Rules – part 1 (audio) Show notes: Block outbound port TCP 25 for ...

1 Maalis 20147min

7MS #4: Patch Strategies: Part Deux (audio)

7MS #4: Patch Strategies: Part Deux (audio)

In this episode I continue talking about some dos and donts of patch strategies – this time talking about enterprise level gear. Download: Episode 4: Patch Strategies: Part Deux (audio) Show notes: Th...

22 Helmi 20146min

Suosittua kategoriassa Politiikka ja uutiset

uutiscast
aikalisa
ootsa-kuullut-tasta-2
politiikan-puskaradio
rss-ootsa-kuullut-tasta
tervo-halme
rss-vaalirankkurit-podcast
rss-podme-livebox
et-sa-noin-voi-sanoo-esittaa
rss-asiastudio
otetaan-yhdet
the-ulkopolitist
rss-hyvaa-huomenta-bryssel
rss-merja-mahkan-rahat
aihe
rikosmyytit
rss-kaikki-uusiksi
rss-raha-talous-ja-politiikka
rss-aijat-hopottaa-podcast
rss-polikulaari-pitka-kiekko-ja-muut-ts-podcastit