7MS #437: Homecoming and Home ioT Security - Part 3
7 Minute Security14 Loka 2020

7MS #437: Homecoming and Home ioT Security - Part 3

Hello! This episode is a true homecoming in that I actually recorded it from home. Yay!

WARNING!!! WARNING!!! This episode contains a ton of singing. If you don't like singing, do not listen!!!

With that said, I wanted to follow up on part 1 and 2 of this series and share some additional cool tools that others have told me about in regards to securing and monitoring all your ioTs!

  • Home Assistant - is described on its Wikipedia page as "a free and open-source home automation software designed to be the central control system in a smart home or smart house." You can quickly grab the HA image and dump it on an SD card with Balena Etcher and be up and running in minutes. I found HA a bit overkill/complicated for my needs, but my pal Hackernovice (on 7MS Slack) says this video demonstrates why he really loves it.

  • Prometheus, recommended by our pal Mojodojo101, is "a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true." I found a great RPi install guide that will help you get it up and running in a snap. I love the capabilitiesand possibilities of Prometheus, but much like Home Assistant, it quickly got to "more than I need" territory.

The final thing we talk about today is trying to answer this question: with so many of my ioTs tied to some cloud app/service, how do I keep these accounts themselves as secure as possible?

Songs sung in this episode include:

Jaksot(703)

7MS #679: Tales of Pentest Pwnage – Part 73

7MS #679: Tales of Pentest Pwnage – Part 73

In today's tale of pentest pwnage I talk about a cool ADCS ESC3 attack – which I also did live on this week's Tuesday TOOLSday. I also talk about Exegol's licensing plans (and how it might break your pentest deployments if you use ProxmoxRox).

13 Kesä 30min

7MS #678: How to Succeed in Business Without Really Crying – Part 22

7MS #678: How to Succeed in Business Without Really Crying – Part 22

Today I share some tips on presenting a wide variety of content to a wide variety of audiences, including: Knowing your audience before you touch PowerPoint Understanding your presentation physical hookups and presentation surfaces A different way to screen-share via Teams that makes resolution/smoothness way better!

6 Kesä 33min

7MS #677: That One Time I Was a Victim of a Supply Chain Attack

7MS #677: That One Time I Was a Victim of a Supply Chain Attack

Hi everybody. Today I take it easy (because my brain is friend from the short week) to tell you about the time I think my HP laptop was compromised at the factory!

30 Touko 13min

7MS #676: Tales of Pentest Pwnage – Part 72

7MS #676: Tales of Pentest Pwnage – Part 72

Today's fun tale of pentest pwnage discuss an attack path that would, in my opinion, probably be impossible to detect…until it's too late.

27 Touko 59min

7MS #675: Pentesting GOAD – Part 2

7MS #675: Pentesting GOAD – Part 2

Hey friends! Today Joe "The Machine" Skeen and I tackled GOAD (Game of Active Directory) again – this time covering: SQL link abuse between two domains Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local! Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!

16 Touko 31min

7MS #674: Tales of Pentest Pwnage – Part 71

7MS #674: Tales of Pentest Pwnage – Part 71

Today's tale of pentest pwnage is another great one! We talk about: The SPNless RBCD attack (covered in more detail in this episode) Importance of looking at all "branches" of outbound permissions that your user has in BloodHound This devilishly effective MSOL-account-stealing PowerShell script (obfuscate it first!) A personal update on my frustration with ringing in my ears

9 Touko 49min

7MS #673: ProxmoxRox

7MS #673: ProxmoxRox

Today we're excited to release ProxmoxRox – a repo of info and scripts to help you quickly spin up Ubuntu and Windows VMs. Also, some important news items: 7MinSec.club in-person meeting is happening Wednesday, May 14! More details here. We did our second Tuesday TOOLSday this week and showed you some local privesc techniques when you have local admin on an endpoint

3 Touko 30min

7MS #672: Tales of Pentest Pwnage – Part 70

7MS #672: Tales of Pentest Pwnage – Part 70

Today's a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using evil-winrm and make our getaway with some privileged Kerberos TGTs! I also share an (intentionally) vague story about a personal struggle I could use your thoughts/prayers/vibes with.

25 Huhti 55min

Suosittua kategoriassa Politiikka ja uutiset

rss-ootsa-kuullut-tasta
aikalisa
tervo-halme
ootsa-kuullut-tasta-2
politiikan-puskaradio
otetaan-yhdet
rss-podme-livebox
et-sa-noin-voi-sanoo-esittaa
aihe
rss-kaikki-uusiksi
rss-raha-talous-ja-politiikka
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
radio-antro
rss-uusi-juttu
rss-lets-talk-about-hair
rss-hyvaa-huomenta-bryssel
linda-maria
rss-terveisia-seelannista
rss-toisten-taskuilla
rss-podcast-podcast-3