7MS #371: Tales of Internal Pentest Pwnage - Part 4
7 Minute Security, 12 July 2019

Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://pro.tv/7minute

Happy belated 4th of July! Today I've got another fun tale of internal pentest pwnage that comes out of a few recent assessments I did. These tests were really fun because the clients had good defensive measures in place, such as:

  • Having separate accounts for day-to-day operations and administrative/privileged tasks
  • Local Administrator account largely disabled across the enterprise
  • Lean membership in privileged groups (Domain Admins, Enterprise Admins, Schema Admins, etc.)
  • Hard-to-crack passwords!

Will I succeed in getting a solid foothold on this network and (hopefully) escalate to Domain Admin? Check out today's episode to find out!

Episodes (686)

7MS #631: Tales of Pentest Pwnage – Part 58

Hi friends, today’s a tale full of test tips and tools to help you in your adventures in pentesting!

SCCM Exploitation

  • SCCM Exploitation: The First Cred Is the Deepest II w/ Gabriel Prud’homme – fantastic resource for learning all about attacking SCCM – starting from a perspective of zero creds
  • CMLoot – find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares
  • Snaffler – finds all the interesting SMB shares and juicy file contents
  • Efflanrs – takes the raw Snaffler log and turns it into an interactive Web app!
  • RubeusToCcache – a small tool to convert Base64-encoded .kirbi tickets from Rubeus into .ccache files for Impacket

7 July 2024, 15 min

7MS #630: Epic Road Trip Served with Security Sprinkles

Today I recap a two-week personal/biz road trip and talk about the security stuff that got sprinkled into it, including:

  • Family members who don’t care about their personal security
  • Weakpass – a cool collection of word lists for brute-forcing and spraying that I’d never heard of
  • Working on two security Webinars for Netwrix (here’s part 1: Mastering Password Security & Active Directory Monitoring, and part 2: Advanced Strategies for SQL Server Protection & Sensitive Information Security)
  • The moment we thought our credit card was stolen at a waterpark
  • A shameless plug for our fun interview with Stu the recruiter
  • Some internal pentest tips that have given us some gold in recent assessments
  • Super fast, spoiler-free movie reviews of Roadhouse, Arcadian, Late Night with the Devil and The Coffee Table

1 July 2024, 45 min

7MS #629: Interview with Stu Musil of Ambient Consulting

Today we have a fun featured interview with my new friend Stu Musil of Ambient Consulting. I had a great time talking with Stu about bashing some common misconceptions people have about working with recruiters, plus tackling some frequently asked questions:

  • How do you properly vet a recruiter you don’t know, but who offers a job opportunity you’re interested in?
  • What questions should you ask a potential recruiter to get a feel for their level of experience in the industry? (Hint: if a recruiter doesn’t even have a LinkedIn page, that’s probably a red flag)
  • Resume tips:
      • Finding the right length and tone
      • Tailoring your resume for each individual job
      • Highlighting your strengths
  • Do people still use cover letters when applying to a gig?
  • Is a “hobbies and interests” section still a good idea on a resume (to show them you’re not a robot who works 24/7)?
  • Let’s talk about some horror and/or success stories from the world of recruiting!

24 June 2024, 46 min

7MS #628: How to Succeed in Business Without Really Crying – Part 17

Hey friends, today we talk about some not-so-glamorous but ever-so-important stuff related to running a cybersecurity consultancy, including:

  • Taking an inventory of all the SaaS stuff your business uses – to keep an eye on spending, know when services are expiring, and track which credit card the services are tied to (so the services don’t almost get cancelled like some did with me!)
  • Tracking domain names, and setting up your own automated rules to notify you well ahead of time when a domain is expiring (maybe that passion project is never gonna happen…time to let those old domains go 🙂)
  • Making a spreadsheet of all important accounts and checking all the auth methods allowed for each account – to prevent attacks such as SIM-swapping

14 June 2024, 9 min

7MS #627: Migrating from vCenter to Proxmox – Part 2

Hey friends, today we continue our series all about migrating from VMWare to the world of Proxmox! Specifically:

  • Getting my first Proxmox-based NUCs out in the field for live engagements!
  • Pulling the trigger on two bare-metal Proxmox servers to eventually replace my vCenter environment. OVHCloud made it super easy to add Proxmox to those bare-metals with a simple wizard.
  • I couldn’t figure out how to get a Proxmox VM as the main firewall for the whole Proxmox node, but it turns out it helps to RTFM.
  • When getting a bare-metal OS/hypervisor installed, be careful in that the provider may leave the management ports of that host open to the whole world. In OVH’s case, they have a software firewall that can be tuned so that, for example, only you can hit the management ports for the box.
  • Getting VLANs setup is a snap once the virtual hardware stuff is in place.

10 June 2024, 35 min

7MS #626: Web Pentesting Pastiche

Hey friends, today we’ve got a security milkshake episode about Web app pentesting. Specifically we talk about:

  • Burp Suite Enterprise
  • Caido – a lightweight alternative to Burp
  • wfuzz – Web fuzzer. Using a proxy:
    wfuzz -c -z file,/usr/share/wfuzz/wordlist/Injections/XSS.txt --sc 200 "https://somedomain.com/shopping?&qty=%2FUZZ" -p 10.0.7.11:8080
  • KNOXSS – for XSS testing – pairs nicely with this wrapper: https://github.com/xnl-h4ck3r/knoxnl

In the tangent dept, I moan about how I hate some things about Proxmox but am also starting to love it. In the tangent #2 department, I talk about tinnitus and acupuncture!

31 May 2024, 50 min

7MS #625: A Peek into the 7MS Mail Bag - Part 4

Road trip time! I’ve been traveling this week doing some fun security projects, and thought all this highway time would be a perfect opportunity to take a dip into the 7MS mail bag! Today’s questions include:

  • How do you price internal network penetration tests?
  • Have you ever had to deal with a difficult client situation, and how did you resolve it?
  • Are you done going after certs? Spoiler: no – I’m interested in doing the XINTRA labs (not sure if it includes a cert)
  • Do you provide managed services or just stick with more “one and done” assessment work?
  • You said the “smart business people” tell you to form reseller partnerships, otherwise you’re leaving money on the table – so why don’t you?
  • I’m thinking of starting my own cybersecurity consultancy – what type of insurance do I need to protect me in case of a digital “oops?”

24 May 2024, 44 min

7MS #624: Tales of Pentest Pwnage – Part 57

Today’s tale of pentest pwnage is all about my new favorite attack called SPN-less RBCD. We did a teaser episode last week that actually ended up being a full episode all about the attack, and even step by step commands to pull it off. But I didn’t want today’s episode to just be “Hey friends, check out the YouTube version of this attack!” so I also cover:

  • Our first impressions of Burp Enterprise
  • Why I have a real hard time believing you have to follow all these steps to install Kali on Proxmox

17 May 2024, 29 min
