7MS #619: Tales of Pentest Pwnage – Part 56


We did something crazy today and recorded an episode that was 7 minutes long! Today we talk about some things that have helped us out in recent pentests:

  • When using Farmer to create “trap” files that coerce authentication, I’ve found way better results using Windows Search Connectors (.searchConnector-ms) files
  • This matrix of “can I relay this to that” has been super helpful, especially early in engagements

Episodes (696)

7MS #408: Cell Phone Security for Tweenagers - Part 2


This episode of the 7MS podcast is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered. From CompTIA and Cisco to ECCouncil and VMWare. Get a 7-day free trial and save 30% off all plans by going to itpro.tv/7MS

"I think of what the world could be If it did not have COVID-19 A million dreams is all it's gonna taaaaaaaaaaaaaaaake!"

Today's episode is a continuation and update on the cell phone security for tweenagers episode from about a year ago. Specifically, I talk about:

  • How the cell phone contract I put together for my tweenager kind of blew up in my face
  • I'm the worst dad in the world because my wife and I enforced a "no screens" policy for a few weeks. We lived. Barely.
  • Apple Screen Time is your friend, and helps put some limits on iDevice use
  • The Dream Machine makes it easy to set up a segmented wireless network just for your kids. You can also "time box" their individual network to only broadcast at certain hours of the day
  • You can then apply OpenDNS to filter bad sites on just the kiddo network or ALL your networks
  • If you make a home backup/DR plan, make sure it includes important stuff like: passwords to important things, as well as critical contacts like your tax prep person, financial advisor and subcontractors.

More info at 7ms.us!

3 Apr 2020, 32 min

7MS #407: Four Fun Stay-at-Home Security Projects


In today's episode I share four fun stay-at-home security projects - three with a security focus and one centered around music. Let's gooooooooo!

FoldingAtHome

The Folding At Home project helps use your GPU/CPU cycles for COVID-19 research. From the Web site:

"We need your help! Folding@home is joining researchers around the world working to better understand the 2019 Coronavirus (2019-nCoV) to accelerate the open science effort to develop new life-saving therapies. By downloading Folding@Home, you can donate your unused computational resources to the Folding@home Consortium, where researchers working to advance our understanding of the structures of potential drug targets for 2019-nCoV that could aid in the design of new therapies. The data you help us generate will be quickly and openly disseminated as part of an open science collaboration of multiple laboratories around the world, giving researchers new tools that may unlock new opportunities for developing lifesaving drugs."

It's awesome! Since I run my cracking rig as a headless Linux install, I followed the advanced install and then used the command line options to run FAHClient standalone (only because personally I don't really love running extra, always-on services on any of my boxes).

It looks like FAH is having a good problem in that there are more resource donors than research to number-crunch on! Keep tabs on the forums for up-to-date information.

See more information at 7ms.us!

26 Mar 2020, 33 min

7MS #406: Securing Your Family During and After a Disaster - Part 4


This episode of the 7MS podcast is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered. From CompTIA and Cisco to ECCouncil and VMWare. Get a 7-day free trial and save 30% off all plans by going to itpro.tv/7MS

First and foremost, I hope you all are doing well and taking care of yourselves. Today's episode focuses on disasters, which is unfortunately a very appropriate topic. As a quick refresher, our family had a fire a few months ago. It sucked. I talked about the day of the fire in this episode then did a "how do we get back on the grid?" episode here and then answered some of your FAQs here.

Regardless of if your DR plan includes fires, virus outbreaks, tornados or zombie attacks, it's important to have a solid plan for your family and business. So in today's episode I cover these main two topics:

A DIY $500 NAS + Unlimited Cloud Backup Plan

In trying to be more organized with my backup strategy, I set out to create a new backup plan with the following criteria:

  • Priced at ~$500
  • One on-prem array
  • Encrypted at rest
  • Backs up to cloud with encryption key I control
  • Unlimited scalable storage

I found my solution using this awesome video but I need to warn you about something right off the bat: the config in this video and in today's episode is not supported by CrashPlan because CP doesn't have a native backup agent that will run on the Synology NAS (at the time of this writing, anyway). With that said, here's the grocery list of things that make up my backup rig:

(See more info on the show notes for today's episode at 7ms.us)

21 Mar 2020, 40 min

7MS #405: Tales of Internal Pentest Pwnage - Part 16


This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

Today's episode of pentest pwnage is the (hopefully) exciting conclusion to this episode. Last we left this pentest, we ran into some excellent blue team defenses, including:

  • MFA on internal servers (which we bypassed)
  • Strong passwords
  • Limited vulnerable protocols (LLMNR/Netbios/etc) available to abuse for cred-capturing
  • Servers that were heavily firewalled off from talking SMB to just any ol' subnet nor the Interwebs (here's a great video on how to fine-tune your software firewall chops)

In today's episode we talk about:

  • How maybe it's not a good idea to make computers go completely "shields down" during pentests
  • Being careful not to fat-finger anything when you spawn cmd.exe with creds, like runas /netonly /user:samplecompany\billybob "C:\windows\system32\cmd.exe"
  • Being careful not to fat-finger anything when using CrackMapExec
  • How fundamental and really effective blue team controls (such as the ones mentioned above) can really make pentesting a headache!
  • How you should be careful when spawning shells with MultiRelay (part of Responder), because it creates new services on your victim machine

Has the 7MS podcast helped you in your IT and security career? Please consider supporting us!

12 Mar 2020, 43 min

7MS #403: 7MOOMAMA - Juice Shop Song + Backdoors and Breaches Jingle


Today's slightly off-topic episode kicks off a new tag called 7MOOMAMA. That stands for 7 Minutes of Only Music and Miscellaneous Awesomeness. To kick things off, I'm super excited to share with you two new security-themed songs for some of my favorite security things! They are:

  • Backdoors and Breaches - my favorite incident response card game.
  • OWASP Juice Shop - my favorite vulnerable Web application.

Enjoy!

Backdoors and Breaches

Backdoors and Breaches
I love the way teaches me to think about security controls
And their proper placement
Backdoors and Breaches
I can’t wait to blow my paycheck just to get myself a game deck and then move
Out of my mother’s basement
Soon I’ll be sittin’ down and playing it with my red and blue teams
Or John and gang at Black Hills Info Security
And when I go to bed tonight I know what’s gonna fill my dreams
Backdoors and Breaches

Juice Shop

VERSE 1
When you want to shop online then you had better be sure
The experience is safe and also secure
Don't want to let no SQLi or cross-site scripting ruin your day
No, you want to break into a joyous song and say:

CHORUS 1
Juice Shop! Juice Shop!
You can order tasty beverages in any quantity
Juice Shop! Juice Shop!
Just don't test the site with Burp Suite or you won't like what you see

VERSE 2
Now if you're feeling kinda sneaky and you're inclined to explore
You might find inside the Juice Shop...a hidden score board
It will point you towards a vuln'rability or maybe two
And when you're done you'll say, "This site should get a code review!"

CHORUS 2
Juice Shop! Juice Shop!
It has got more holes than a warehouse filled with gallons of Swiss cheese
Juice Shop! Juice Shop!

...finish the songs at 7ms.us

9 Mar 2020, 7 min

7MS #402: Interview with Matt Duench of Arctic Wolf


Today I'm joined by Matt Duench (LinkedIn / Twitter), who has a broad background in technology and security - from traveling to over 40 countries around the world working with telecom services, to his current role at Arctic Wolf where he leads product marketing for their managed risk solution.

Matt chatted with me over Skype about a wide variety of security topics, including:

  • Corporate conversations around security have changed drastically in such a short time - specifically, security is generally no longer perceived as a cost center. So why are so many organizations basically still in security diapers as far as their maturity?
  • Why is it still so hard to find “bad stuff” on the network?
  • What are some common security mistakes you wish you could wave a magic wand and fix for all companies?
  • The beauty of the CIS Top 20 and how following even the top 5 controls can stop 85% of attacks.
  • Low-hanging hacker fruit that all organizations should consider addressing, such as:
      • Disabling IPv6
      • Using a password manager
      • Turning on multi-factor authentication
      • Don’t write down your passwords!
      • Have a mail transport rule that marks external mail as “EXTERNAL” so it jumps out to people
      • Consider an additional rule to stop display name spoofing (h/t to Rob on Slack!)
  • Why you should be concerned about corporate account takeover, and how to better protect yourself and your company against this attack vector

I also asked Matt a slew of questions that many of you submitted via Slack:

More info under the show notes for this episode at 7ms.us!

26 Feb 2020, 1h 12min

7MS #401: Tales of Internal Pentest Pwnage - Part 15


It’s episode 401 and we’re having fun, right? Some things we cover today:

  • The Webinar version of the DIY Pwnagotchi evening will be offered in Webinar format on Tuesday, March 10 at 10 a.m.
  • A quick house fire update - we’re closer to demolition now!
  • I finally got a new guitar!

Besides that, I’ve got a wonderful tale of pentest pwnage for you. Warning: this is a TBC (to be continued) episode in that I don’t even know how it will shake out. I’m honestly not sure if we’ll get DA! Here are the highlights:

  • I think in the past I might've said unauthenticated Nessus scans weren't worth much, but this test changed my mind.
  • If you can't dump local hashes with CrackMapExec, try SecretsDump! ./secretsdump.py -target-ip {IP of target machine} localhost/{username}@{target IP}
  • If you're relaying net user commands (or just typing them from a relayed shell), this one-liner is a good way to quickly add your user to local admins and the Remote Desktop Users group: net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add
  • Trying to RDP into a box protected with Duo MFA? If you can edit the c:\windows\system32\drivers\etc\hosts file, you might be able to change the Duo authentication server from api-xxxxxxx.duosecurity.com to 127.0.0.1 and force authentication to fail open! Source: Pentest Partners
  • In general, keep an eye on CrackMapExec's output whenever you use the '-x' flag to run commands. If the system is "hanging" on a command for a while and then gives you NO output and just drops you back at your Kali prompt, the command might not be running at all due to something else on the system blocking your efforts.

More on today's show notes at 7ms.us!

21 Feb 2020, 1h 1min

7MS #400: Tales of Internal Pentest Pwnage - Part 14


Wow, happy 400th episode everybody! Also, happy SIXTH birthday to the 7MS podcast! Today I've got a really fun tale of internal network pentest pwnage to share with you, as well as a story about a "poop-petrator." Key moments and takeaways include:

  • Your target network might have heavy egress filtering in place. I recommend doing full apt-get update and apt-get upgrade and grabbing all the tools you need (may I suggest my script for this?).
  • If the CrackMapExec --sam flag doesn't work for you, give secretsdump a try, as I ran it on an individual Win workstation and it worked like a champ!
  • If the latest mimikatz release doesn't rip out passwords for you, try the release from last August. For whatever reason (thanks 0xdf) for the tip!
  • If your procdumps of lsass appear to be small, endpoint protection might be getting in the way! You might be able to figure out what's running - and stop the service(s) - with CrackMapExec and the -x 'tasklist /v' flag.
  • If you need to bypass endpoint protection, don't be afraid to go deep into the Google search results. Unfortunately, I think that's all I can say about that, as vendors seem to get snippy about talking about bypasses publicly.

Has 7MS helped you in your IT and security career? Please consider buying me a coffee!

14 Feb 2020, 1h 4min
