7MS #365: Interview with Ryan Manship and Dave Dobrotka - Part 3
7 Minute Security30 Touko 2019

7MS #365: Interview with Ryan Manship and Dave Dobrotka - Part 3

This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out Authentic8.

First, a bit of miscellany:

  • If you replace "red rain" with "red team" in this song, we might just have a red team anthem on our hands!

  • If you're in the Twin Cities area and looking for an infosec analyst job, check out this posting with UBB. If interested, I can help make an electronic introduction - and/or let 'em know 7 Minute Security sent ya!

Ok, in today's program we're talking about red teaming again with our third awesome installment with Ryan and Dave who are professional red teamers! Today we cover:

  • Recon - it's super important! It's like putting together puzzle pieces...and the more of that puzzle you can figure out, less likely you'll be surprised and the more likely you'll succeed at your objective!

  • Reporting - how do you deliver reports in a way that blue team doesn't feel picked on, management understands the risk, and ultimately everybody leaves feeling charged to secure all the things?

I also asked the questions folks submitted to me via LinkedIn/Slack:

  • Any tips for the most dreaded part of an assessment (reports)?

  • How do you get around PowerShell v5 with restrict language mode without having the ability to downgrade to v2?

  • What's an alternative to PowerShell tooling for internal pentesting? (hint: C# is the hotness)

  • What certs/skills should I pursue to get better at red teaming (outside of "Hey, go build a lab!").

  • Are customers happy to get assessed by a red team exercise, or do they do it begrudgingly because of requirements/regulations?

Jaksot(683)

7MS #596: How to Succeed in Business Without Really Crying - Part 13

7MS #596: How to Succeed in Business Without Really Crying - Part 13

After about a year break (last edition of this series was in October, 2022, we're back with an updated episode of How to Succeed in Business Without Really Crying. We cover: Why we're not planning on selling the business any time soon Fast Google Dorks Scan Using ProtonVPN via command line Our pre first impressions of a pentesting SaaS tool you've almost definitely heard of

4 Marras 202331min

7MS #595: Choosing the Right XDR Strategy with Matt Warner of Blumira

7MS #595: Choosing the Right XDR Strategy with Matt Warner of Blumira

Today we're joined by Matt Warner of Blumira (remember him from episodes #551 and #529 and #507?) to talk about choosing the right XDR strategy! There's a lot to unpack here. Are EDR, MDR and XDR related? Can you get them all from one vendor - and should you? Do you run them on-prem, in the cloud, or both? Join us as Matt answers these questions and more!

31 Loka 20231h 3min

7MS #594: Using PatchMyPC to Auto-Update Pentest Dropboxes

7MS #594: Using PatchMyPC to Auto-Update Pentest Dropboxes

Today we're talking about how you can use PatchMyPc to keep your home PC and/or pentest dropbox automatically updated with the latest/greatest patches!

23 Loka 202329min

7MS #593: Hacking Billy Madison - Part 3

7MS #593: Hacking Billy Madison - Part 3

Hey friends, today my Paul and I kept trying to hack the VulnHub machine based on the movie Billy Madison (see part 1 and 2). In our journey we learned some good stuff: Port knocking is awesome using utilities like knock: /opt/knock/knock 10.0.7.124 1466 67 1469 1514 1981 1986 Sending emails via command line is made (fairly) easy with swaks: swaks --to eric@madisonhotels.com --from vvaughn@polyfector.edu --server 192.168.110.105:2525 --body "My kid will be a soccer player" --header "Subject: My kid will be a soccer player" You could also use telnet and do this command by command - see this article from Black Hills Information Security for more info. Hyda works good for spraying FTP creds: hydra -l user -P passlist.txt ftp://192.168.0.1 Check out my quick cheat sheet about bettercap (see episode #522) for some syntax on extracting WPA handshake data from cap files: # ...it looks like the new standard hash type might be m22000 per this article (https://hashcat.net/forum/thread-10253.html). In that case, here's what I did on the pcap itself to get it ready for hashcat: sudo /usr/bin/hcxpcapngtool -o readytocrack.hc22000 wifi-handshakes.pcap # Then crack with hashcat! sudo /path/to/hashcat -m22000 readytocrack.hc2000 wordlist.txt

15 Loka 202338min

7MS #592: 7 Steps to Recover Your Hacked Facebook Account

7MS #592: 7 Steps to Recover Your Hacked Facebook Account

Today we're talking about 7 steps you can take to (hopefully) reclaim a hacked Facebook account. The key steps are: Ask Facebook for help (good luck with that) Put out an SOS on your socials Flag down the FBI Call the cops! Grumble to your attorney general Have patience Lock it down (once you get the account back)! Also, I have to say that this article was a fantastic resource in helping me create the outline above.

6 Loka 202319min

7MS #591: Tales of Pentest Pwnage - Part 52

7MS #591: Tales of Pentest Pwnage - Part 52

Today we talk about an awesome path to internal network pentest pwnage using downgraded authentication from a domain controller, a tool called ntlmv1-multi, and a boatload of cloud-cracking power on the cheap from vast.ai. Here's my chicken scratch notes for how to take the downgraded authentication hash capture (using Responder.py -I eth0 --lm) and eventually tweeze out the NTLM hash of the domain controller (see https://7ms.us for full show notes).

29 Syys 202333min

7MS #590: Hacking Billy Madison - Part 2

7MS #590: Hacking Billy Madison - Part 2

Today my Paul and I continued hacking Billy Madison (see part one here) and learned some interesting things: You can fuzz a URL with a specific file type using a format like this: wfuzz -c -z file,/root/Desktop/wordlist.txt --hc 404 http://x.x.x.x/FUZZ.cap To rip .cap files apart and make them "pretty" you can use tpick: tcpick -C -yP -r tcp_dump.pcap Or tcpflow: apt install tcpflow tcpflow -r To do port knocking, you can use the knock utility: sudo git clone https://github.com/grongor/knock /opt/knock knock 1.2.3.4 21 23 25 69 444 7777777

22 Syys 202313min

7MS #589: Tales of Pentest Pwnage - Part 51

7MS #589: Tales of Pentest Pwnage - Part 51

In today's tale of pentest pwnage we talk about: The importance of local admin and how access to even one server might mean instant, full control over their backup or virtualization infrastructure Copying files via WinRM when copying over SMB is blocked: $sess = New-PSSession -Computername SERVER-I-HAVE-LOCAL-ADMIN-ACCESS-ON -Credential * ...then provide your creds...and then: copy-item c:\superimportantfile.doc -destination c:\my-local-hard-drive\superimportantfile.doc -fromsession $sess If you come across PowerShell code that crafts a secure string credential, you may able to decrypt the password variable with: [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($MyVarIWantToDecryptGoesHere))

15 Syys 202314min

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
ootsa-kuullut-tasta-2
aikalisa
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
politiikan-puskaradio
rss-vaalirankkurit-podcast
aihe
rikosmyytit
the-ulkopolitist
rss-mina-ukkola
rss-hyvaa-huomenta-bryssel
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
linda-maria
rss-aijat-hopottaa-podcast
rss-kovin-paikka
rss-tyolinjalla-pekka-sauri
rss-raha-talous-ja-politiikka
rss-kyselytunti
rss-kalevi-sorsa-saation-podcast