7MS #164: Pentesting in a Vacuum - Part 2

Check out the show notes for today's episode here: https://7ms.us/7ms-164-pentesting-in-a-vacuum-part-2/

Episodes (697)

7MS #400: Tales of Internal Pentest Pwnage - Part 14

Wow, happy 400th episode everybody! Also, happy SIXTH birthday to the 7MS podcast! Today I've got a really fun tale of internal network pentest pwnage to share with you, as well as a story about a "poop-petrator." Key moments and takeaways include:

- Your target network might have heavy egress filtering in place. I recommend doing a full apt-get update and apt-get upgrade and grabbing all the tools you need (may I suggest my script for this?).
- If the CrackMapExec --sam flag doesn't work for you, give secretsdump a try, as I ran it on an individual Win workstation and it worked like a champ!
- If the latest mimikatz release doesn't rip out passwords for you, try the release from last August. For whatever reason, that one works (thanks to 0xdf for the tip!).
- If your procdumps of lsass appear to be small, endpoint protection might be getting in the way! You might be able to figure out what's running - and stop the service(s) - with CrackMapExec and the -x 'tasklist /v' flag.
- If you need to bypass endpoint protection, don't be afraid to go deep into the Google search results. Unfortunately, I think that's all I can say about that, as vendors seem to get snippy about talking about bypasses publicly.

Has 7MS helped you in your IT and security career? Please consider buying me a coffee!

14 Feb 2020, 1h 4min

7MS #399: Baby's First Password Cracking Rig

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

Believe it or not I'm pentesting your stuff
I never thought I could feel so free-hee-hee
I compromised one of your Domain Admins
Who it could be? The guy with "Password123"

In today's episode we're talking all about building your own password-cracking rig! "Wait a minute!" you say. "Are you abandoning the Paperspace password cracking in the cloud thing?" Nope! I'm just bringing that methodology "in house" for a little better opsec and also because last year on Paperspace I spent thousands of dollars. First things first - here's the hardware I ended up with:

- Inland Premium 512GB SSD 3D NAND M.2 2280 PCIe NVMe 3.0 x4 Internal Solid State Drive
- Intel Core i5-9400F Desktop Processor 6 Core up to 4.1GHz Without Processor Graphics LGA1151 (Intel 300 Series chipset): https://www.microcenter.com/product/602028/intel-core-i5-9400f-desktop-processor-6-core-up-to-41ghz-without-processor-graphics-lga1151-(intel-300-series-chipset)
- ASUS ROG Strix Z390-H Gaming LGA 1151 ATX Intel Motherboard
- EVGA SuperNOVA 1200P2 1200 Watt 80 Plus Platinum Modular Power Supply

For a full shopping list and more notes, head to 7ms.us!

7 Feb 2020, 42min

7MS #398: Securing Your Network with Raspberry Pi Sensors

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

I'll be your Raspberry Pi zero baby
I don't know what else to say
I'll keep bad stuff off of your network
I will do it both night and day

Today I talk about four cool Raspberry Pi projects that will help you better secure your network. First off though, I give a shout out to my son Atticus who I want to be more like because he doesn't give a rat's behind what other people think of him! The cool Pi-based projects I love are:

- Pi-Hole is a black hole for Internet advertisements and it literally installs with just a few commands:
    git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole
    cd "Pi-hole/automated install/"
    sudo bash basic-install.sh
- Pwnagotchi is a cute little devil who exists only to capture WPA handshakes! I did a whole episode on it, and invite you to build a DIY Pwnagotchi with me live on Feb 10.
- How to use a Raspberry Pi as a Network Sensor is a really cool Webinar I watched (brought to us by our pals at BHIS and ActiveCountermeasures) that shows you how to use a Pi with an external drive to install Bro and other tools to help you find bad stuff on your network.
- CanaryPi is freaking sweet and can detect NBNS/LLMNR/mDNS spoofing as well as port-scanning, yeah baby! And coming soon (hopefully): mitm6 detection!

Has 7MS helped you in your IT and security career? Please consider buying me a coffee!
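The LLMNR part of the spoofing detection mentioned above works by asking the network for a name that cannot exist and treating any answer as a poisoner (a Responder-style tool answers every LLMNR query it sees). The following is an added example written for this page, not CanaryPi's or 7MS's code. It assumes the box has a multicast-capable interface and that the poisoner answers A queries the way Responder does; the sample response at the bottom is constructed, not a capture. NBNS (UDP/137, NetBIOS-encoded names) and mDNS checks follow the same pattern and are left out here.

```python
"""Active LLMNR-spoofing canary: multicast a query for a random name and
report anyone who answers.  Added example; assumptions noted in comments."""
import random
import socket
import string
import struct

LLMNR_GROUP = "224.0.0.252"   # RFC 4795 link-local multicast address
LLMNR_PORT = 5355
QTYPE_A, QCLASS_IN = 1, 1


def build_llmnr_query(name: str, txid: int) -> bytes:
    """LLMNR query: DNS-style header, one A/IN question, no answers."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def _skip_name(data: bytes, off: int) -> int:
    """Advance past a (possibly compressed) name; return the new offset."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # compression pointer: two bytes
            return off + 2
        off += length + 1


def parse_llmnr_answers(data: bytes, expected_txid: int):
    """IPv4 addresses in a response to our query, or None if the packet is
    not a response to it (wrong transaction ID, or the QR bit is clear)."""
    if len(data) < 12:
        return None
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid or not flags & 0x8000:
        return None
    off = 12
    for _ in range(qd):                  # skip the echoed question(s)
        off = _skip_name(data, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == QTYPE_A and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return addrs


def canary_name() -> str:
    """Random single-label name: no legitimate host should claim it."""
    return "canary-" + "".join(random.choices(string.ascii_lowercase, k=10))


def probe_llmnr(timeout: float = 2.0):
    """Send one canary query and collect every answer within the timeout.
    Returns (queried_name, [(source_ip, [answered_ips]), ...]); anything in
    the list is a host answering names that do not exist on this segment."""
    name, txid = canary_name(), random.randrange(0x10000)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)
    sock.settimeout(timeout)
    hits = []
    try:
        sock.sendto(build_llmnr_query(name, txid), (LLMNR_GROUP, LLMNR_PORT))
        while True:
            data, (src, _port) = sock.recvfrom(2048)
            addrs = parse_llmnr_answers(data, txid)
            if addrs:
                hits.append((src, addrs))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return name, hits


# Constructed sample (not a real capture) of a Responder-style answer: our
# question echoed back, then one A record whose owner name is a compression
# pointer (0xC00C) to the question name, claiming the canary is 10.0.0.99.
SAMPLE_TXID = 0x1234
SAMPLE_QUERY = build_llmnr_query("canary-abcdefghij", SAMPLE_TXID)
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", SAMPLE_TXID, 0x8000, 1, 1, 0, 0)
                   + SAMPLE_QUERY[12:]
                   + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 30, 4)
                   + bytes([10, 0, 0, 99]))


if __name__ == "__main__":
    queried, responders = probe_llmnr()
    for src, addrs in responders:
        print(f"ALERT: {src} answered LLMNR for {queried} with {addrs}")
    if not responders:
        print(f"no LLMNR answers for {queried}; nothing is spoofing here")
```

Run it from cron or a loop on the sensor; a single answer from any source is a finding, because the name is random and nothing should own it. Using a fresh name and transaction ID per probe keeps a poisoner from learning a fixed canary to ignore.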

30 Jan 2020, 50min

7MS #397: OPSEC Tips for Security Consultants

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

I'm working on a new security song called Don't Let the Internet Get You Down, and the chorus will go something like this:

Don't let the Internet get you down
It's full of trolls and 10 year olds and adolescent clowns
So let their words roll off of you, like water off a duck
To prove to them that you don't give a darn

On a more serious note, here are some opsec tips that hopefully will help you as a security consultant:

- Good contracts - make sure your SOWs have lots of CYA verbiage to protect you in case something breaks, your assessment schedule needs to be adjusted, etc. Also, consider verbiage that says you'll only retain client testing artifacts (hashes, vuln scans, etc.) for a finite amount of time.
- Scope - make sure you talk about scope, both in written and verbal form, often! Also, a Nessus scanning tip: use the nessusd.rules file to not scan any IPs the client doesn't want touched. That way Nessus won't scan those IPs even if you try to force it to!
- Send information to/from clients safely - consider forcing MFA on your file-sharing portals, as well as a retention policy so that files "self destruct" after X days.
- ...and more on today's episode (see 7ms.us for more show notes)!

Has 7MS helped you in your IT and security career? Please consider buying me a coffee!
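A nessusd.rules fragment of the kind the scope tip refers to, added here as an illustration rather than taken from the episode. The path is the default for a Linux Nessus install (an assumption about your setup), and 198.51.100.7 and 192.0.2.0/24 are documentation addresses standing in for the client's do-not-touch hosts:

```text
# /opt/nessus/etc/nessus/nessusd.rules  (restart the Nessus service after editing)
# Scanner-wide exclusions: these hosts are never scanned, whatever the
# scan policy or target list says, which is the point of putting them here
# instead of only in a per-scan exclusion list.
reject 198.51.100.7
reject 192.0.2.0/24
default accept
```

Keep the rules file under version control alongside the SOW so the exclusion list you are enforcing matches the one the client signed.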

23 Jan 2020, 36min

7MS #396: Tales of Internal Pentest Pwnage - Part 13

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

In last week's episode I was very close to potentially syncing up some very sensitive data with my super secret back door account. In this episode, we resolve the cliffhanger and talk about:

- How I don't remember lyrics or titles to songs - even the ones I love - such as My Prerogative. That's why Jack Black is my spirit animal, and he's awesome for singing Elton John songs right to Elton John.
- If you get DA (relatively) quickly, consider pivoting to a network assessment and crack hashes with secretsdump, test egress filtering, run Network Detective and more.
- Once you've cracked all the hashes you can, run it through hashcombiner and Pipal like this:
    python /opt/hashcombiner/hash_combiner.py user_hash hash_password | sort > combined.txt
    cut -d ':' -f 2 combined.txt > passwords.txt
    ruby /opt/pipal/pipal.rb passwords.txt > pip.txt
- The procdump + lsass trick is still really effective (though sometimes AV gobbles it).

(See full show notes at 7ms.us!)

15 Jan 2020, 53min

7MS #395: Tales of Internal Pentest Pwnage - Part 12

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

In today's tale of pentest pwnage I got to try some tools and tricks for the first time! Here are the key points/takeaways from this test:

- It's great to have additional goals to achieve in a network pentest outside of just "get DA".
- PayloadsAllTheThings has a great section on Active Directory attacks.
- Using mitm6 and ntlmrelayx is now my new favorite thing thanks to The Cyber Mentor's fantastic video showing us exactly how to launch this attack!
- If you're scared of running mitm6 and accidentally knocking folks off your network, setup your Kali box to reboot in a few minutes just to be safe. Do something like:
    shutdown -r +15 "Rebooting in 15 minutes just in case I mitm6 myself right off this box!"
- When mitm6+ntlmrelay dumps out a series of html/json files with lists of users, groups, etc., read through them! Sometimes they can include treats...like user passwords in the comment fields!
- Use crackmapexec smb IP.OF.DOMAIN.CONTROLLER -u username -p password to verify if your domain creds are good!

There are a bunch of people I need to thank because their tools/encouragement/advice played a part in making the test successful. See today's show notes on 7ms.us for more info!

9 Jan 2020, 1h 5min

7MS #394: DIY Pwnagotchi

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

Sung to the tune of "Do You Wanna Build a Snowman":

Do you wanna build a Pwnagotchi?
Even though you thought you never would?
I really hope mine doesn't ever break
It grabs wifi handshakes
It does it really good!

Today's episode is all about Pwnagotchi, a cute little device whose sole purpose in life is to gobble WPA handshakes! Check out today's episode to learn more about the device (as well as some pwn-a-gotchas that you should be aware of), and then come to the next 7MS user group meeting to build your own! If you can't make this meeting I'll also do a Webinar version of the presentation - likely in February or March, so stay tuned to our Webinars page.

At the end of today's episode I talk about my troll foot. I fractured my ankle on Christmas Eve and was basically this lady. At the end of the day I received an avulsion fracture and it kinda made my Christmas stink. But 2020 is gonna absolutely rip, friends!

3 Jan 2020, 43min

7MS #393: Interview with Peter Kim

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

Peter Kim of The Hacker Playbook series joins me today to talk about all things hacking! Peter runs a popular west coast hacker meetup, and I was fortunate enough to attend his Real World Red Team training, which I wrote a review about here. Peter sat down with me over Skype to talk about:

- The origin story of The Hacker Playbook series (btw please buy it, don't steal it! :-)
- How do you balance work and family life when trying to pwn all the things and have a personal life and significant other?
- How do you break into security when your background is in something totally different, like a mechanic, artist or musician?
- What are some good strategies when approaching a red team engagement - do you always start "fresh" from the perimeter? Do you assume compromise and throw a dropbox on the network? Some combination of both?
- What are some other low-hanging fruit organizations can use to better defend their networks? Do you run across some of these good defenses - like honeypots - in your engagements?
- If you could put on a wizard hat and solve one security problem (be it technical, personnel or something else) what would it be?
- ...and more!

26 Dec 2019, 1h 24min
