7MS #357: 7 Minutes of IT and Security Tips
7 Minute Security11 Huhti 2019

7MS #357: 7 Minutes of IT and Security Tips

Today I'm launching an ongoing series called 7MOIST. It stands for:

  • 7
  • Minutes
  • of
  • IT
  • and
  • Security
  • Tips

The wildest, craziest, nuttiest part of this series is that each episode will be 7 minutes long!

I know, I know! You're saying, "Wait a sec, bub, isn't that why this podcast is called 7 Minute Security in the first place?" And yes, you'd be right.

Basically, this is my way of going old school and getting back my podcast "roots" by delivering an episode before we had an intro jingle, interviews, sponsors, banter about hot cocoas or an outro song. Nothing but delicious content today friends, Enjoy!

Today's theme is:

Windows command line shortcuts and tips: Creative ways to play with cmd

Basically, you can do Windows Key + R then type cmd and Enter for quick access to command line.

But lets do some more fun stuff. Wanna open a command window from the desktop and launch a command in one swoop? Try this:

cmd /k

For example:

cmd /k ping 192.168.0.1

The cmd /k part opens a command window, and then ping 192.168.0.1 can be whatever command you also want to run on the fly.

And if you want to start programs and/or open files right from the command line, you can do that (in most cases) by just typing the program name, like:

notepad

Or, get really fancy and add a document name after the command. For example:

notepad meow.txt

If meow.txt doesn't exist, Notepad will simply ask you to create it!

Finding files faster

Call me crazy, but the Windows find/search feature sometimes doesn't find stuff that I know is there. So I still like using old school DOS commands for this. I might do something like:

cd \ dir /s *brian*.doc

The dir stands for directory, and the /s tells the system to search recursively.

See 7ms.us for the rest of today's show notes!

Jaksot(683)

7MS #676: Tales of Pentest Pwnage – Part 72

7MS #676: Tales of Pentest Pwnage – Part 72

Today’s fun tale of pentest pwnage discuss an attack path that would, in my opinion, probably be impossible to detect…until it’s too late.

27 Touko 59min

7MS #675: Pentesting GOAD – Part 2

7MS #675: Pentesting GOAD – Part 2

Hey friends! Today Joe “The Machine” Skeen and I tackled GOAD (Game of Active Directory) again – this time covering: SQL link abuse between two domains Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local! Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!

16 Touko 31min

7MS #674: Tales of Pentest Pwnage – Part 71

7MS #674: Tales of Pentest Pwnage – Part 71

Today’s tale of pentest pwnage is another great one!  We talk about: The SPNless RBCD attack (covered in more detail in this episode) Importance of looking at all “branches” of outbound permissions that your user has in BloodHound This devilishly effective MSOL-account-stealing PowerShell script (obfuscate it first!) A personal update on my frustration with ringing in my ears

9 Touko 49min

7MS #673: ProxmoxRox

7MS #673: ProxmoxRox

Today we’re excited to release ProxmoxRox – a repo of info and scripts to help you quickly spin up Ubuntu and Windows VMs.  Also, some important news items: 7MinSec.club in-person meeting is happening Wednesday, May 14!  More details here. We did our second Tuesday TOOLSday this week and showed you some local privesc techniques when you have local admin on an endpoint

3 Touko 30min

7MS #672: Tales of Pentest Pwnage – Part 70

7MS #672: Tales of Pentest Pwnage – Part 70

Today’s a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using evil-winrm and make our getaway with some privileged Kerberos TGTs!  I also share an (intentionally) vague story about a personal struggle I could use your thoughts/prayers/vibes with.

25 Huhti 55min

7MS #671: Pentesting GOAD

7MS #671: Pentesting GOAD

Hello! This week Joe “The Machine” Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory).  In part one we covered: Checking for null session enumeration on domain controllers Enumerating systems with and without SMB signing Scraping AD user account descriptions Capturing hashes using Responder Cracking hashes with Hashcat

18 Huhti 25min

7MS #670: Adventures in Self-Hosting Security Services

7MS #670: Adventures in Self-Hosting Security Services

Hi friends, today I’m kicking off a series talking about the good/bad/ugly of hosting security services. Today I talk specifically about transfer.zip. By self-hosting your own instance of transfer.zip, you can send and receive HUGE files that are end-to-end encrypted using WebRTC.  Sweet!  I also supplemented today’s episode with a short live video over at 7MinSec.club.

11 Huhti 36min

7MS #669: What I’m Working on This Week – Part 3

7MS #669: What I’m Working on This Week – Part 3

Hi friends, in this edition of what I’m working on this week: 3 pulse-pounding pentests that had…problems Something I’m calling the unshadow/reshadow credentials attack Heads-up on a new video experiment I’m going to try next week

4 Huhti 42min

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
ootsa-kuullut-tasta-2
aikalisa
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
politiikan-puskaradio
rss-vaalirankkurit-podcast
aihe
rikosmyytit
the-ulkopolitist
rss-mina-ukkola
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
rss-hyvaa-huomenta-bryssel
rss-kyselytunti
linda-maria
rss-aijat-hopottaa-podcast
rss-kovin-paikka
rss-kaikki-paskaksi-ystavat
rss-tyolinjalla-pekka-sauri
rss-raha-talous-ja-politiikka