7MS #724: Tales of Pentest Pwnage - Part 85

7MS #724: Tales of Pentest Pwnage - Part 85

Hey friends! Today we're going deep on external network pentesting — something I realize we've barely touched in however many episodes we've done. I'm currently in a long stretch of back-to-back external assessments, so it felt like a good time to talk about it.

Here's what we get into:

  • Scoping headaches — why the old "count your public IPs and multiply by a big hourly rate" approach drives me crazy, and how we actually scope external tests to be fair to everyone
  • Web apps in scope or not? — this needs its own conversation before the test starts, and skipping it causes pain later
  • Testing under real conditions — the debate around whether to request an allowlist vs. scanning as-is, and why I lean toward creating the best testing environment possible
  • Multi-tool enumeration — why we run Nessus, Project Discovery, and Shodan together, and what each catches that the others miss
  • Reporting the surface — why just walking a customer through what's exposed to the internet (ports, services, screenshots) has more value than I used to give it credit for
  • SNMP and NTP findings — two protocols that keep showing up open when they really (probably) shouldn't be
  • OSINT phase — how we've grown externals to include open-source intelligence work on the customer's domains, not just IP-level scanning
  • WordPress hygiene — it keeps coming up on these assessments, and I've got some practical recommendations
  • Dorking and metadata searches — using AI to quickly sift through publicly exposed documents for things attackers could use to pretext a social engineering attack
  • Subdomain hijacking — a sneaky attack path I've seen in the wild that flies right in the face of all the "check if the URL is spelled right" advice we give users

Even when the technical findings are pretty quiet, there's a lot you can do to punch up an external pentest report with stuff that's genuinely valuable to customers!

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(730)

7MS #730: Baby's First Project Swarm

7MS #730: Baby's First Project Swarm

Hey friends! Still your grieving pal over here, but also your swarming friend and Protecting My Network Edge host — because this week I've been tinkering with something called Project Swarm and I've g...

10 Jul 25min

7MS #729: Pwning Dracarys

7MS #729: Pwning Dracarys

Hey friends! Still your grieving pal over here, but also your happy hacking host — because today we're diving into baby's first Dracarys! (Yes, I'm probably pronouncing that wrong. Yes, I'm going to k...

4 Jul 18min

7MS #728: Securing Your Family During and After a Disaster – Part 8

7MS #728: Securing Your Family During and After a Disaster – Part 8

Hey friends! This is a tough one to write. My dad passed away on Friday, and instead of the hacker-y tech episode I had planned, I pivoted to something more personal — another installment of our "Secu...

30 Jun 38min

7MS #727: Securing Your Mental Health – Part 7

7MS #727: Securing Your Mental Health – Part 7

Hello friends! It's been over a year since we did a dedicated mental health episode, so today I'm doing a big catch-up and running through my 7-point plan for being a more mentally secure me. None of ...

19 Jun 21min

7MS #726: Baby's First Hermes

7MS #726: Baby's First Hermes

Hello friends! I've been on a bit of an AI agent journey lately, and today I'm sharing my experience ditching OpenClaw and going all-in on Hermes — a self-hosted AI agent built by Nous Research. A Net...

12 Jun 22min

7MS #725: Building a Bulletproof Backup Solution

7MS #725: Building a Bulletproof Backup Solution

Hey friends! Backups are not as cool as pentesting, but boy do they matter when things go sideways. This week I'm sharing how a Proxmox backup disk space meltdown led me to a completely overhauled — a...

5 Jun 21min

7MS #723: CARTP - Cloud Red Team Tactics for Attacking and Defending Azure - Part 1

7MS #723: CARTP - Cloud Red Team Tactics for Attacking and Defending Azure - Part 1

Hello friends! Today's a hybrid episode — some security content up top about a new certification I've kicked off, followed by an aggressively quick trip to Tangent Town. Feel free to bail after the se...

23 Mai 32min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden-usa
fotballpodden-2
aftenpodden
forklart
stopp-verden
popradet
det-store-bildet
rss-gukild-johaug
hanna-de-heldige
rss-ness
aftenbla-bla
nokon-ma-ga
dine-penger-pengeradet
rss-penger-polser-og-politikk
lydartikler-fra-aftenposten
rss-utenrikskomiteen-med-bogen-og-grasvik
rss-hor-na-krim-2
e24-podden
unitedno