7MS #654: Tales of Pentest Pwnage – Part 67

Hey friends, today my Paul and I kept trying to hack the VulnHub machine based on the movie Billy Madison (see part 1 and 2). In our journey we learned some good stuff: Port knocking is awesome using...

15 Okt 202338min

Today we're talking about 7 steps you can take to (hopefully) reclaim a hacked Facebook account. The key steps are: Ask Facebook for help (good luck with that) Put out an SOS on your socials Flag dow...

6 Okt 202319min

Today we talk about an awesome path to internal network pentest pwnage using downgraded authentication from a domain controller, a tool called ntlmv1-multi, and a boatload of cloud-cracking power on t...

29 Sep 202333min

Today my Paul and I continued hacking Billy Madison (see part one here) and learned some interesting things: You can fuzz a URL with a specific file type using a format like this: wfuzz -c -z file,...

22 Sep 202313min

In today's tale of pentest pwnage we talk about: The importance of local admin and how access to even one server might mean instant, full control over their backup or virtualization infrastructure ...

15 Sep 202314min

Today Amanda Berlin from Blumira teaches us how to unlock the power of Sysmon so we can gain insight into the good, bad and ugly things happening on our corporate endpoints!  Key takeaways: Sysmon tu...

8 Sep 202324min

Today my pal Paul from Project7 and I hack the heck out of Billy Madison a vulnerable virtual machine that is celebrating its 7th anniversary this month!

1 Sep 202336min

Today, sadly, might be the last episode of DIY pentest dropbox tips for a while because I found (well, ChatGPT did actually) the missing link to 100% automate a Kali Linux install! Check episode #449 ...

25 Aug 202318min