7MS #690: Tales of Pentest Pwnage – Part 74

Today we're talking about 7 steps you can take to (hopefully) reclaim a hacked Facebook account. The key steps are: Ask Facebook for help (good luck with that) Put out an SOS on your socials Flag dow...

6 Okt 202319min

Today we talk about an awesome path to internal network pentest pwnage using downgraded authentication from a domain controller, a tool called ntlmv1-multi, and a boatload of cloud-cracking power on t...

29 Sep 202333min

Today my Paul and I continued hacking Billy Madison (see part one here) and learned some interesting things: You can fuzz a URL with a specific file type using a format like this: wfuzz -c -z file,...

22 Sep 202313min

In today's tale of pentest pwnage we talk about: The importance of local admin and how access to even one server might mean instant, full control over their backup or virtualization infrastructure ...

15 Sep 202314min

Today Amanda Berlin from Blumira teaches us how to unlock the power of Sysmon so we can gain insight into the good, bad and ugly things happening on our corporate endpoints!  Key takeaways: Sysmon tu...

8 Sep 202324min

Today my pal Paul from Project7 and I hack the heck out of Billy Madison a vulnerable virtual machine that is celebrating its 7th anniversary this month!

1 Sep 202336min

Today, sadly, might be the last episode of DIY pentest dropbox tips for a while because I found (well, ChatGPT did actually) the missing link to 100% automate a Kali Linux install! Check episode #449 ...

25 Aug 202318min

Hey friends, today I'm super excited to share I found the missing link! Specifically, the missing piece that now allows me to create fully automated Windows 10 installs that serve as virtual pentest j...

18 Aug 202324min