7 Minute Security25 Feb 2021

7MS #456: Certified Red Team Professional - Part 4

Hello friends! Today, Joe (Gh0sthax) and I complete our series on CRTP - Certified Red Team Professional - a really awesome pentesting training and exam based squarely on Microsoft tools and tradecraft. Specifically, Joe and I talk about:

We don't think the training/exam is for beginners, despite how its advertised
Both the lab PDF and PowerPoint have their own quirks - which may ultimately be teaching us not to be copy-and-paste jockeys, and instead build our own study guides and cheat sheets
Don't let the training give you the idea that most pentests have a super fast escalation path to DA (ok yes sometimes they do, but usually we spend a LOT of hours working on escalation!)
Watch the walkthrough videos. We repeat: WATCH THE WALKTHROUGH VIDEOS!
Although not required, we highly recommend capturing all the flags laid out for you in the lab environment
Know how to privesc - using multiple tools/methods
It would be to your advantage to understand how to view/manipulate Active directory information in multiple ways
You start the exam with no tools. So how will you be ready to upload/download tools into the exam environment so you make the most of your exam time?
Tool X might give you wrong results - or none at all - in the lab. Do you have a backup tool Y and Z that can serve the same purpose?
You want to be very good at Kerberos ticket crafting!
Know all the mimikatz commands and switches and when to apply them

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(727)

7MS #727: Securing Your Mental Health – Part 7

Hello friends! It's been over a year since we did a dedicated mental health episode, so today I'm doing a big catch-up and running through my 7-point plan for being a more mentally secure me. None of ...

19 Jun 21min

7MS #726: Baby's First Hermes

Hello friends! I've been on a bit of an AI agent journey lately, and today I'm sharing my experience ditching OpenClaw and going all-in on Hermes — a self-hosted AI agent built by Nous Research. A Net...

12 Jun 22min

7MS #725: Building a Bulletproof Backup Solution

Hey friends! Backups are not as cool as pentesting, but boy do they matter when things go sideways. This week I'm sharing how a Proxmox backup disk space meltdown led me to a completely overhauled — a...

5 Jun 21min

7MS #724: Tales of Pentest Pwnage - Part 85

Hey friends! Today we're going deep on external network pentesting — something I realize we've barely touched in however many episodes we've done. I'm currently in a long stretch of back-to-back exter...

29 Mai 30min

7MS #723: CARTP - Cloud Red Team Tactics for Attacking and Defending Azure - Part 1

Hello friends! Today's a hybrid episode — some security content up top about a new certification I've kicked off, followed by an aggressively quick trip to Tangent Town. Feel free to bail after the se...

23 Mai 32min

7MS #722: I Turned My Phone Into a Brick

Hey friends! Quasi-vacation week over here, so today's episode is lighter and more personal: just a story about how I turned my phone into a "brick" (kind of) and what that's done for my mental health...

15 Mai 23min

7MS #721: Fun Professional and Personal AI Project Ideas – Part 2

Hello friends! Picking up the AI-automation series from a couple weeks back — here's another batch of scripts and integrations that have been giving me precious minutes (and sanity) back. Yes, I had t...

8 Mai 25min

7MS #720: Tales of Pentest Pwnage – Part 84

Hey friends! Today's another Tales of Pentest Pwnage! Quick tangent first on a couple side projects: I've got a music thing at quack.house (like the duck noise, not the drug) and a podcast with my dan...

1 Mai 43min