7MS #729: Pwning Dracarys

Hey friends! Still your grieving pal over here, but also your happy hacking host — because today we're diving into baby's first Dracarys! (Yes, I'm probably pronouncing that wrong. Yes, I'm going to keep saying it anyway.)

Quick housekeeping: A few days ago I published a mini-series episode from our How to Secure Your Family During and After a Disaster series, where I shared the news that my dad passed away last Friday. So many of you reached out with condolences — thank you from the bottom of my heart. I'll share a little life update at the end of this episode.

But first — Dracarys! I didn't know it existed until recently. If you knew about it and didn't tell me, I'm mad at you. But we made up. We're friends forever. Here's what we cover:

  • What is Dracarys? It's a smaller, CTF-style Active Directory pentesting lab from the same crew that brought us Game of Active Directory (GOAD), GOAD-SCCM, GOAD-Light, and Ninja Hacker Academy. Where GOAD holds your hand through the vulnerabilities, Dracarys and Ninja Hacker Academy take more of a "here's your starting point, now figure it out" approach — which I love.
  • The lab setup: One Linux VM, a Windows domain controller, and a Windows application server. Your only hint? Start with the Linux box. That's it. Good luck!
  • TuesdayTOOLSday preview: Over on 7MinSec.club, I did a TuesdayTOOLSday episode walking through initial setup — getting your hosts file configured, running a NetExec sweep to map out the attack surface, and doing some light enumeration on that Linux box. No big spoilers, just enough to get your Kali box ready to rock.
  • What I've learned since: After the TuesdayTOOLSday recording, I kept digging. My methodology has been: nmap to identify open ports and service versions, then research whether any of those versions have known exploits. Once I spotted an interesting web service, AI pointed me toward FeroxBuster for directory and file enumeration — a tool I hadn't used before but am now a huge fan of. It's fast, configurable, and once I got my scan tuned properly… I found a jewel. That jewel feels like the next step deeper into this lab. More on that in future TuesdayTOOLSday episodes!
  • Shameless plug: All of this walkthrough content lives at 7MinSec.club. Subscriptions are free, and subscribing just means you get an email when I publish new content. No spam, no sales pitches — just hacking stuff. (And if you want to financially support the show, there's a paid tier too. Just sayin'.)
  • Life update: We've moved into funeral planning mode. My dad, thankfully, had already mapped out his whole service — the pastor, the verses, everything — which has made things a little easier. We're picking photos for a tribute slideshow and I've been asked to share some words and sing a song. The song I chose is "Jesus, Savior, Pilot Me" — which my dad once described as "that song about Jesus flying airplanes." (He wasn't wrong. Sort of.) I've been practicing it all week and can barely make it through verse two. Prayers, good vibes, and a large supply of Kleenex would be appreciated.

Again, you can find the Dracarys lab here. And if you're not already on 7MinSec.club, come hang out — that's where the deeper dives live.

This episode comes from an open RSS feed and is not published by Podme. It may contain advertising.
