7MS #426: Tales of Internal Pentest Pwnage - Part 19
7 Minute Security7 Elo 2020

7MS #426: Tales of Internal Pentest Pwnage - Part 19

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

First and foremost, I have to say that 7 Minute Security's official stance on toads is that nobody should be licking them at any time, for any reason. Also, I can neither confirm nor deny that toads can catch coronavirus. Listen to today's episode...it'll make more sense.

We've got another swell tale of internal pentest pwnage for you today! Highlights include:

  • If you've collected a ton of hashes with Responder, the included DumpHash.py gives you a lovely organized list of collected hashes!

  • Here's one way you can grab the latest CME binary:

curl https://github.com/byt3bl33d3r/CrackMapExec/releases/download/v5.0.1dev/cme-ubuntu-latest.zip -L -o cme.zip

Note to self: I must've been using outdated CME forever, because the correct syntax to get the wdigest flag is now a little different:

cme smb HOST -u localadmin -H "hash" --local-auth -M wdigest -o ACTION=enable

  • If you're looking to block IPv6 (ab)use in your environment, this article has some great tips.

  • When testing in an environment with a finely tuned SIEM, I highly recommend you download all the Kali updates and tools ahead of time, as sometimes just the call out to kali.org gets flagged and alerted on to the security team

  • Before using the full hatecrack methodology, I like to run hashes straight through the list of PwnedPasswords from hashes.org (which appears to currently be offline) first to give the org an idea as to what users are using easy-to-pwn passwords.

  • A question for YOU reading this: what's the best way to do an LSASS dump remotely without triggering AV? I can't get any of the popular methods to work. So pypykatz is my go-to.

  • I learned that PowerView is awesome for finding attractive shares! Run it with Find-InterestingDomainShareFile to find, well, interesting files! Files with password or sensitive or admin in the title - and much more!

  • Got to use PowerUpSQL to audit some MS SQL sauce, and I found this presentation (specifically slide ~19) really helpful in locating servers I could log into and any SQL vulnerabilities the boxes were ripe for.

Jaksot(684)

7MS #492: Tales of Pentest Pwnage - Part 29

7MS #492: Tales of Pentest Pwnage - Part 29

Hello friends! We're long overdue for a tale of pentest pwnage, and this one is a humdinger! It's actually kind of three tales in one, focusing on pentesting wins using: Manual "open heart surgery" on the root of the Active Directory domain The new totally rad DHCP poisoning module of Responder An opportunity to abuse GPOs with SharpGPOAbuse (P.S. we talked about this tool about a year ago in episode 441)

28 Loka 202156min

7MS #491: Interview with Louis Evans of Arctic Wolf

7MS #491: Interview with Louis Evans of Arctic Wolf

Today we're joined by Louis Evans of Arctic Wolf to talk about all things cyber insurance, including: History on cyber insurance - who's buying it, what it does and doesn't cover, and when it started to be something you didn't want to leave home without What are insurance companies asking/demanding of customers before writing a cyber insurance policy? What basic things organizations can do to reduce malware/ransomware incidents (whether they are considering a cyber insurance policy or not)? How do I evaluate the various insurance carriers out there and pick a good one?

20 Loka 202152min

7MS #490: Desperately Seeking a Super SIEM for SMBs - Part 4

7MS #490: Desperately Seeking a Super SIEM for SMBs - Part 4

Hey friends! Today we're going to recap the SIEM/SOC players we've evaluated so far (Arctic Wolf, Elastic, Sumo Logic, Milton Security) and then talk about a new contender that was brought to our attention: Blumira (not a sponsor, but I'm really digging what I'm seeing/hearing/experiencing thus far)!

13 Loka 202142min

7MS #489: Ping Castle

7MS #489: Ping Castle

Today we're talking about Ping Castle (not a sponsor), an awesome tool for enumerating tons of info out of your Active Directory environment and identifying weaknesses, misconfigurations and paths to escalation! It's wonderful for both red and blue teamers. Some of Ping Castle's cool features include being able find: Kerberoastable and ASREPRoastable users Plain text passwords lingering in Group Policy Objects Users with never-expiring passwords Non-supported versions of Windows Machines configured with unconstrained delegation Attack and escalation paths to Domain Admins

6 Loka 202158min

7MS #488: How to Succeed in Business Without Really Crying - Part 10

7MS #488: How to Succeed in Business Without Really Crying - Part 10

Today we continue our series focused on building a security consultancy and talk about: A phishing campaign that went off the rails, and lessons learned from it First impressions of an awesome tool to help add MFA to your Active Directory (not a sponsor) A tangent story about how my wife brought some thieves to justice!

29 Syys 202143min

7MS #487: Light Pentest eBook Announcement!

7MS #487: Light Pentest eBook Announcement!

Hey friends! Today I've got some exciting personal/professional news to share: our Light Pentest eBook - which is a practical, step-by-step playbook for internal network penetration testing - is now available for purchase! Note: this eBook and the Light Pentest LITE training are two separate things, but do cover some of the same topics. The Light Pentest eBook covers: Grabbing and analyzing packet captures Abusing insecure network protocols Exploiting (the lack of) SMB signing Capturing, cracking and passing hashes Locating high-value targets with DNS zone transfers Exploiting vulnerable Group Policy Objects Scraping screenshots of Web interfaces with WitnessMe Finding and cracking "Kerberoastable" and "ASREPRoastable" Active Directory accounts Dumping, passing and cracking hashes from domain controllers The Light Pentest eBook is available now for $7.77, and by purchasing it you are entitled to all future editions/revisions going forward.

28 Syys 20217min

7MS #486: Interview with Matt Quammen of Blue Team Alpha

7MS #486: Interview with Matt Quammen of Blue Team Alpha

Today our good buddy Joe Skeen and I virtually sit down with Matt Quammen of Blue Team Alpha to talk about all things incident response! Topics covered include: Top 5 things to do and not do during ransomware event Challenges when responding to ransomware events Opportunities to break into infosec/IR The value of tabletop exercises, and some great ideas for conducting your own Incident response stress and success stories Cyber insurance - worth it or not?

22 Syys 202139min

7MS #485: Interview with Christopher Fielder

7MS #485: Interview with Christopher Fielder

Today our friend Christopher Fielder from Arctic Wolf is back for an interview four-peat! We had a great chat about making sense of vendor alphabet soup terms (like SIEM, SOC, EDR/MDR/XDR, ML, AI and more!), optimizing your SOC to "see" as much as possible, tackling vendor/customer communication problems, and simplifying security product pricing to make purchases less stressful for customers! And don't forget to check out Christopher's first, second and third interviews with 7MS.

15 Syys 202152min

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
aikalisa
ootsa-kuullut-tasta-2
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
politiikan-puskaradio
rss-vaalirankkurit-podcast
aihe
the-ulkopolitist
rss-kovin-paikka
rikosmyytit
linda-maria
rss-mina-ukkola
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
radio-antro
rss-aijat-hopottaa-podcast
rss-opiskelijasta-proksi
rss-hyvaa-huomenta-bryssel
rss-raha-talous-ja-politiikka
rss-kyselytunti