7MS #446: Certified Red Team Professional - Part 2
7 Minute Security17 Des 2020

7MS #446: Certified Red Team Professional - Part 2

Today's episode continues part 1 of our series on the Certified Red Team Professional certification. Key points from today's episode include:

  • It's probably a better idea to run Bloodhound on your local machine so you don't crush the student VM's resources

  • Running Invoke-Command is one of my new favorite things. Check this post for a bunch of cheatsheet tips for running commands in PowerShell against other hosts.

  • Silver, gold and skeleton key attacks in AD - are they awesome? Yes? Do I see myself using those in short-term pentest enagements? Meh.

  • Wanna build a home lab to do some of these fun pentest stuff? Our buddy k3nundrum in Slack recommended we check out this. It looks awesome. And the devs of the tool have a video on it here.

  • When you're popping shells and privs all over the place in the lab, it can be confusing to figure out which machines you have what privileges on. I like using the klist command. Or, from a mimikatz prompt, try kerberos::list /export.

Episoder(714)

7MS #706: Tales of Pentest Pwnage – Part 80

7MS #706: Tales of Pentest Pwnage – Part 80

I'm so excited to share today's tale of pentest pwnage, because it brings back to life a coercion technique I thought wouldn't work against Windows 11! Spoiler alert: check out rpc2efs, as well as the...

19 Des 202529min

7MS #705: A Phishing Campaign Fail Tale

7MS #705: A Phishing Campaign Fail Tale

This might be obvious, but security is not all domain admin dancing and maximum pwnage. Sometimes, despite my best efforts, a security project does a faceplant. Today's episode focuses on a phishing c...

12 Des 202521min

7MS #704: DIY Pentest Dropbox Tips – Part 12

7MS #704: DIY Pentest Dropbox Tips – Part 12

Hola friends!  My week has very much been about trying to turnaround pentest dropboxes as quickly as possible.  In that adventure, I came across two time-saving discoveries: Using a Proxmox LXC as a ...

5 Des 202524min

7MS #703: Tales of Pentest Pwnage – Part 79

7MS #703: Tales of Pentest Pwnage – Part 79

Happy Thanksgiving week friends! Today we're celebrating a turkey and pie overload by sharing another fun tale of pentest pwnage! It involves using pygpoabuse to hijack a GPO and turn it into our pent...

28 Nov 202522min

7MS #702: Should You Hire AI to Run Your Next Pentest?

7MS #702: Should You Hire AI to Run Your Next Pentest?

Hello friends, in today's episode I give an audio summary of a talk I gave this week at the MN GOVIT Symposium called "Should You Hire AI to Run Your Next Pentest?"  It's not a pro-AI celebration, nor...

21 Nov 202521min

7MS #701: What I'm Working on This Week – Part 5

7MS #701: What I'm Working on This Week – Part 5

Hello friends!  This week I'm talking about what I'm working on this week, including: Preparing a talk called Should You Hire AI to Run Your Next Pentest for the Minnesota GOVIT Symposium. Playing wi...

14 Nov 202518min

7MS #700: Pretender

7MS #700: Pretender

Today is episode 700 of the 7MinSec podcast! Oh my gosh. My mom didn't think we could do it, but we did. Instead of a big blowout with huge news, giveaways and special guests, today is a pretty standa...

7 Nov 20258min

7MS #699: Pre-Travel Security Tips

7MS #699: Pre-Travel Security Tips

Today we discuss some pre-travel tips you can use before hopping on a plane to start a work/personal adventure. Tips include: Updating the family DR/BCP plan Lightening your purse/wallet Validating/t...

31 Okt 202530min

Populært innen Politikk og nyheter

aftenpodden
giver-og-gjengen-vg
lydartikler-fra-aftenposten
forklart
aftenpodden-usa
i-retten
stopp-verden
popradet
fotballpodden-2
det-store-bildet
rss-gukild-johaug
rss-ness
dine-penger-pengeradet
nokon-ma-ga
aftenbla-bla
e24-podden
hanna-de-heldige
rss-dannet-uten-piano
bt-dokumentar-2
rss-utenrikskomiteen-med-bogen-og-grasvik