7MS #638: Tales of Pentest Pwnage – Part 61
7 Minute Security23 Aug 2024

7MS #638: Tales of Pentest Pwnage – Part 61

Today we're talking pentesting – specifically some mini gems that can help you escalate local/domain/SQL privileges:

  • Check the C: drive! If you get local admin and the system itself looks boring, check root of C – might have some interesting scripts or folders with tools that have creds in them.
  • Also look at Look at Get-ScheduledTasks
  • Find ids and passwords easily in Snaffler output with this Snaffler cleaner script
  • There's a ton of gold to (potentially) be found in SQL servers – check out my notes on using PowerUpSQL to find misconfigs and agent jobs you might able to abuse!

Episoder(715)

7MS #611: Pentestatonix

7MS #611: Pentestatonix

Hey friends, sorry for the late episode but I've been deep in the trenches of pentest adventures.  I'll do a more formal tale of pentest pwnage when I come up for air, but for now I wanted to share so...

19 Feb 202434min

7MS #610: DIY Pentest Dropbox Tips – Part 9

7MS #610: DIY Pentest Dropbox Tips – Part 9

Hey friends, today we cover a funstrating (that's fun + frustrating) issue we had with our DIY pentest dropboxes. TLDL:   The preseed file got jacked because I had a bad Kali metapackage in it. While...

9 Feb 202420min

7MS #609: First Impressions of Sysreptor

7MS #609: First Impressions of Sysreptor

Hey friends, today is a first impressions episode about Sysreptor, which according to their GitHub page, is a fully customisable, offensive security reporting solution designed for pentesters, red tea...

2 Feb 202430min

7MS #608: New Tool Release - EvilFortiAuthenticator

7MS #608: New Tool Release - EvilFortiAuthenticator

Hey friends, today our pal Hackernovice joins us for a tool (actually two tools!) release party: EvilFortiAuthenticator - it's like a regular FortiAuthenticator, but evil.  This tool allows you to ...

26 Jan 202443min

7MS #607: How to Succeed in Business Without Really Crying - Part 15

7MS #607: How to Succeed in Business Without Really Crying - Part 15

Today we talk about some business-y things like: A pre first impressions opinion on Sysreptor Why I'm not worried about AI replacing manual pentesting (yet) My struggle with going "full CEO" vs....

19 Jan 202439min

7MS #606: Hacking OWASP Juice Shop (2024 edition)

7MS #606: Hacking OWASP Juice Shop (2024 edition)

Today our pals Bjorn Kimminich from OWASP and Paul from Project7 and TheUnstoppables.ai join us as we kick off a series all about hacking the OWASP Juice Shop, which is "probably the most modern and s...

12 Jan 202429min

7MS #605: Navigating the Demands of Tech Leadership with Amanda Berlin of Blumira

7MS #605: Navigating the Demands of Tech Leadership with Amanda Berlin of Blumira

Today our friend Amanda Berlin, Lead Incident Detection Engineer at Blumira, joins us to talk about being more mentally healthy in 2024! P.S. - did you miss Amanda's past visits to the program? Then c...

5 Jan 202458min

7MS #604: A Two Tool Teaser

7MS #604: A Two Tool Teaser

Today we tease two upcoming tool releases (shooting for Q1, 2024): TCMLobbyBBQ - a Python script for PC players of The Texas Chain Saw Massacre game to help players get out of lobbies and into live ...

2 Jan 202426min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
lydartikler-fra-aftenposten
popradet
stopp-verden
fotballpodden-2
dine-penger-pengeradet
det-store-bildet
rss-gukild-johaug
i-retten
nokon-ma-ga
hanna-de-heldige
e24-podden
rss-ness
aftenbla-bla
rss-dannet-uten-piano
frokostshowet-pa-p5
grasoner-den-nye-kalde-krigen