7MS #390: Tales of Internal Network Pentest Pwnage - Part 11
7 Minute Security6 Dec 2019

7MS #390: Tales of Internal Network Pentest Pwnage - Part 11

Today's episode is brought to you by ITProTV. It's never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute.

Today's episode is a twofer. That's right, two tales of internal network pentest pwnage. Whoop whoop! We cover:

  • What the SDAD (Single Domain Admin Dance) and DDAD (Double Domain Admin Dance) are (spoiler: imagine your dad trying to dance cool...it's like that, but more awkward)

  • A good way to quickly find domain controllers in your environment: nslookup -type=SRV _ldap._tcp.dc._msdcs.YOURDOMAIN.SUFFIX

  • This handy script runs nmap against subnets, then Eyewitness, then emails the results to you

  • Early in the engagement I'd highly recommend checking for Kerberoastable accounts

  • I really like Multirelay to help me pass hashes, like:

MultiRelay.py -t 1.2.3.4 -u bob.admin Administrator yourmoms.admin

  • Once you get a shell, run dump to dump hashes!

  • Then, use CME to pass that hash around the network!

crackmapexec smb 192.168.0.0/24 -u Administrator -H YOUR-HASH-GOES-HERE --local auth

  • Then, check out this article to use NPS and get a full-featured shell on your targets

Avsnitt(711)

7MS #711: How to Secure Your Community

7MS #711: How to Secure Your Community

Hello friends, it's good to be back with you.  I took a podcast hiatus in January to focus on helping communities affected by Operation Metro Surge.  Today I share how my family and community has been...

27 Feb 51min

7MS #710: I'm Taking a Break

7MS #710: I'm Taking a Break

Hi friends, I'm going to be taking a break from producing podcast episodes, as well as content over at 7MinSec.club.  It's a temporary break, so please don't unsubscribe, unfollow, etc.  I need some e...

17 Jan 4min

7MS #709: Second Impressions of Twingate

7MS #709: Second Impressions of Twingate

Hey friends, in episode #649 I gave you my first impressions of Twingate.  It's been a minute, so I thought I'd revisit Twingate (specifically this awesome Twingate LXC) and talk about how we're using...

10 Jan 20min

7MS #708: Tales of Pentest Fail – Part 6

7MS #708: Tales of Pentest Fail – Part 6

After sharing a recent story about how a phishing campaign went south, I heard feedback from a lot of you.  You either commiserated with my story, told me I wussed out, and/or had a difficult story of...

2 Jan 25min

7MS #707: Our New Pentest Course Has Launched!

7MS #707: Our New Pentest Course Has Launched!

Today we're thrilled to announce the launch of LPLITE:GOAD (Light Pentest Live Interactive Training Experience: Game of Active Directory). The first class is coming up Tuesday, January 27 – Thursday, ...

26 Dec 202514min

7MS #706: Tales of Pentest Pwnage – Part 80

7MS #706: Tales of Pentest Pwnage – Part 80

I'm so excited to share today's tale of pentest pwnage, because it brings back to life a coercion technique I thought wouldn't work against Windows 11! Spoiler alert: check out rpc2efs, as well as the...

19 Dec 202529min

7MS #705: A Phishing Campaign Fail Tale

7MS #705: A Phishing Campaign Fail Tale

This might be obvious, but security is not all domain admin dancing and maximum pwnage. Sometimes, despite my best efforts, a security project does a faceplant. Today's episode focuses on a phishing c...

12 Dec 202521min

7MS #704: DIY Pentest Dropbox Tips – Part 12

7MS #704: DIY Pentest Dropbox Tips – Part 12

Hola friends!  My week has very much been about trying to turnaround pentest dropboxes as quickly as possible.  In that adventure, I came across two time-saving discoveries: Using a Proxmox LXC as a ...

5 Dec 202524min

Populärt inom Politik & nyheter

aftonbladet-krim
motiv
rss-krimstad
p3-krim
fordomspodden
spar
flashback-forever
rss-viva-fotboll
aftonbladet-daily
rss-sanning-konsekvens
blenda-2
svenska-fall
rss-krimreportrarna
rss-vad-fan-hande
rss-frandfors-horna
olyckan-inifran
rss-flodet
dagens-eko
svd-dokumentara-berattelser-2
krimmagasinet