7 Minute Security14 Maalis 2019

7MS #352: Recap of Rad Red Team Training

I recently had the awesome opportunity to take the awesome Real World Red Team course put on by Peter Kim, author of The Hacker Playbook series.

TLDR and TLDR (too long don't listen): go take this training. Please. Now. The end.

If you want to hear more, check out today's podcast episode where I talk about all the wonderful tidbits I learned from Peter during the training, including:

Doppelganger attacks - does your target have a frequently used site like mail.company.com? Try buying up mailcompany.com with a copy of their email portal (using Social Engineer Toolkit), and the creds might come pouring in!
Get potential usable creds from old breaches (Adobe, Ashley Madison, LinkedIn, Spotify)
Password spraying is often really effective to get you your first set of creds - check out Spray or DomainPasswordSpray
When creating phishing payloads, Veil will help you craft something to bypass AV
When you're in a network and have grabbed your first set of creds, run BloodHound or SharpHound to map the Active Directory and find your high-value targets
Check systems for MS17-010 for some potential easy wins
Look for potential accounts that you can Kerberoast

For more info visit today's show notes on 7ms.us

Kokeile Premiumia

Nauti 14 päivää ilmaiseksi

Tilaa Premium

Jaksot(691)

7MS #114: PCI Pentesting 101-Part 3

Part 3 on my series about PCI pentesting. Yeah. That.

2 Joulu 20157min

7MS #113: Big Bag of Random Security Stuff

Yep, this episode is EXACTLY what the title implies.

27 Marras 201510min

7MS #112: This is Sparta!

This episode is about one of my favorite enumeration tools called Sparta - it's built right into Kali 2. And maybe it was in Kali 1 and I totally missed it. But whatevs. I'm happy to have found it now!

25 Marras 20158min

7MS #111: Hacking WPA Enterprise-Part 2

The thrilling (?) conclusion of my experience hacking WPA Enterprise.

20 Marras 20156min

7MS #110: Hacking WPA Enterprise-Part 1

This episode is about my experience hacking WPA enterprise. Huge mega tiger uppercut thanks to this site for giving me the fixes I needed to get this working on Kali2! https://warroom.securestate.com/index.php/evil-twin-attack-using-hostapd-wpe/

17 Marras 20158min

7MS #109: OFFTOPIC-It Follows and Backcountry

Movie reviews of It Follows and Backcountry.

13 Marras 20157min

7MS #108: I'm Going to PWAPT!-Part 2

Here's part 2 (of probably several to come) about my experience with PWAPT (Practical Webapp Pentesting) training last week!

11 Marras 201510min

7MS #107: I'm Going to PWAPT!

Hey I'm going to PWAPT this week (http://www.eventbrite.com/e/practical-web-application-penetration-testing-with-tim-tomes-lanmaster53-tickets-16718889649), so in this episode I talk about that...and how I'll probably be too info-overloaded to record anything on Thursday :-). Oh, and I had a fun Web app pentest this week that I wanted to share some fun bits on.

3 Marras 20157min

Kaikki yhdessä sovelluksessa

Kuuntele kaikki suosikkipodcastisi ja -äänikirjasi yhdessä paikassa.

Sinulle valikoitua sisältöä

Podme-sovelluksessa kokoat suosikkisi helposti omaan kirjastoosi. Saat meiltä myös kuuntelusuosituksia!

Jatka kuuntelua koska tahansa

Voit jatkaa siitä mihin jäit, myös offline-tilassa.

Premium

9,99 €/kk

Kaikki premium-podcastit
Ei mainoksia
Ei sitoutumista, peruuta koska tahansa

Aloita 14 päivän kokeilu

Premium

13,99 €/kk

Kaikki premium-podcastit
Ei mainoksia
Ei sitoutumista, peruuta koska tahansa
Yksi lisäkäyttäjä

Kokeile 14 päivää maksutta

Suosittua kategoriassa Politiikka ja uutiset

rss-tasta-on-kyse-ivan-puopolo-verkkouutiset

Tarinat ja äänet, joita rakastat kuunnella

Kuuntele kaikki suosikkipodcastisi ja -äänikirjasi

Lue lisää