7MS #352: Recap of Rad Red Team Training
7 Minute Security14 Maalis 2019

7MS #352: Recap of Rad Red Team Training

I recently had the awesome opportunity to take the awesome Real World Red Team course put on by Peter Kim, author of The Hacker Playbook series.

TLDR and TLDR (too long don't listen): go take this training. Please. Now. The end.

If you want to hear more, check out today's podcast episode where I talk about all the wonderful tidbits I learned from Peter during the training, including:

  • Doppelganger attacks - does your target have a frequently used site like mail.company.com? Try buying up mailcompany.com with a copy of their email portal (using Social Engineer Toolkit), and the creds might come pouring in!

  • Get potential usable creds from old breaches (Adobe, Ashley Madison, LinkedIn, Spotify)

  • Password spraying is often really effective to get you your first set of creds - check out Spray or DomainPasswordSpray

  • When creating phishing payloads, Veil will help you craft something to bypass AV

  • When you're in a network and have grabbed your first set of creds, run BloodHound or SharpHound to map the Active Directory and find your high-value targets

  • Check systems for MS17-010 for some potential easy wins

  • Look for potential accounts that you can Kerberoast

For more info visit today's show notes on 7ms.us

Jaksot(683)

7MS #43: Why Web Site Vulnerability Scanners Can Ruin Your Day (audio)

7MS #43: Why Web Site Vulnerability Scanners Can Ruin Your Day (audio)

Did you know that Web site vulnerability scanners can destroy your customer sites? If not, listen to this. 7MS #43: Why Web Site Vulnerability Scanners Can Ruin Your Day (audio)

28 Helmi 20157min

7MS #42: Vulnerability Scans vs. Pentests (audio)

7MS #42: Vulnerability Scans vs. Pentests (audio)

I think everybody throws around the terms “vulnerability scans” and “pentests” and they mean completely different things from one person to the next. In this episode I try to clarify the differences and distinctions (in my mind, anyways). 7MS #42: Vulnerability Scans vs. Pentests (audio)

14 Helmi 20157min

7MS #41: OSCP – Part 7 (audio)

7MS #41: OSCP – Part 7 (audio)

Tried of talking about OSCP yet? Me neither! 7MS #41: OSCP – Part 7 (audio)

6 Helmi 20156min

7MS #40: OSCP – Part 6 (audio)

7MS #40: OSCP – Part 6 (audio)

PART SIX of a mind-bending series all about OSCP! 7MS #40: OSCP – Part 6 (audio)

31 Tammi 20157min

7MS #39: Infosec on the Disney Boat (audio)

7MS #39: Infosec on the Disney Boat (audio)

I took a Disney cruise with my family recently, and one particular aspect of the trip gave me the Big Brother heebie-jeebies. 7MS #39: Infosec on the Disney Boat (audio)

24 Tammi 20158min

7MS #38: OFFTOPIC – Health and Infosec (audio)

7MS #38: OFFTOPIC – Health and Infosec (audio)

Every once in a while I thought it would be fun to go slightly off topic and talk about other stuff I’m interested in. This episode kind of has a tech twist though. I talk about how I use my iPhone and a few apps to stay at least a little bit in shape. 7MS…

17 Tammi 20157min

7MS #37: Keimpx (audio)

7MS #37: Keimpx (audio)

Ever wanted to pass hashes a whole network at a time? Check out this episode, where I talk about one of my fav new tools called Keipmx. 7MS #37: Keimpx (audio)

10 Tammi 20157min

7MS #36: OSCP – Part 5 (audio)

7MS #36: OSCP – Part 5 (audio)

More talk about OSCP goodness. Download: 7MS #36: OSCP – Part 5 (audio)

3 Tammi 20157min

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
ootsa-kuullut-tasta-2
aikalisa
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
politiikan-puskaradio
rss-vaalirankkurit-podcast
aihe
rikosmyytit
the-ulkopolitist
rss-mina-ukkola
rss-hyvaa-huomenta-bryssel
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
linda-maria
rss-aijat-hopottaa-podcast
rss-kovin-paikka
rss-tyolinjalla-pekka-sauri
rss-raha-talous-ja-politiikka
rss-kyselytunti
rss-kalevi-sorsa-saation-podcast