7MS #405: Tales of Internal Pentest Pwnage - Part 16

Today's a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using evil-winrm and make our ge...

25 Huhti 202555min

Hello! This week Joe "The Machine" Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory). In part one we covered: Checking for null session enumeration on domain contr...

18 Huhti 202525min

Hi friends, today I'm kicking off a series talking about the good/bad/ugly of hosting security services. Today I talk specifically about transfer.zip. By self-hosting your own instance of transfer.zip...

11 Huhti 202536min

Hi friends, in this edition of what I'm working on this week: 3 pulse-pounding pentests that had…problems Something I'm calling the unshadow/reshadow credentials attack Heads-up on a new video experi...

4 Huhti 202542min

Hola friends! Today's tale of pentest pwnage talks about abusing Exchange and the Azure ADSync account! Links to the discussed things: adconnectdump – for all your ADSync account dumping needs! Adam ...

28 Maalis 202530min

Hey friends, our good buddy Joe "The Machine" Skeen and I are back this week with part 2 (check out part 1!) tackling GOAD SCCM again! Spoiler alert: this time we get DA! YAY! Definitely check out t...

21 Maalis 202528min

Today we have a smattering of miscellaneous pentest tips to help you pwn all the stuff! Selective Snaffling with Snaffler The importance of having plenty of dropbox disk space – for redundant remote ...

14 Maalis 202545min

Hello there friends, I'm doing another "what I'm working on this week" episode which includes: BPATTY v1.6 release – big/cool/new content to share here PWPUSH – this looks to be an awesome way (both ...

7 Maalis 202528min