7MS #445: Certified Red Team Professional
7 Minute Security9 Joulu 2020

7MS #445: Certified Red Team Professional

Welp, I need another certification like I need a hole in the head, but that didn't stop me from signing up for the Certified Red Team Professional. So I've started a series on sharing what I'm learning as I proceed through the certification path. (We're also talking about this on the 7MS forums)

Here are some of the highlights from week 1:

  • Boy oh boy is PowerView handy for extracting juicy info out of Active Directory. It works well when served with a side order of the Microsoft signed DLL for the ActiveDirectory PowerShell module

  • I wouldn't say this course is for beginners. You will get some high level intro to PowerShell, Active Directory and pentesting, but you will need to do a ton of self-study and banging around in the lab to fill in some skill gaps.

  • When trying to pop a Jenkins box, I learned about a few new helpful tools I'd never played with before:

    • HFS - simple HTTP file server
    • Powercat - for catching shells!

Then on a personal front, I have a few updates to share as well:

  • The Thanksgiving surprise that brought tears to my eyes

  • The new piece of exercise equipment in the Johnson household that made my wife reach for a barf bag

  • A mysterious sound in the house that lead to the discovery of dead things over Thanksgiving break

Jaksot(705)

7MS #17: How to Pass the Certified Ethical Hacker Exam (audio)

7MS #17: How to Pass the Certified Ethical Hacker Exam (audio)

In this episode I share my experience with EC-Council's Certified Ethical Hacker training and exam. Download: 7MS #17: How to Pass the Certified Ethical Hacker Exam (audio) Show notes: Here's info on the CEH training and test outline. I took my CEH training through UFairfax with instructor Leo Dregier. See this post I wrote that…

14 Kesä 20147min

7MS #16: PwnPad Initial Impressions – part 2! (audio)

7MS #16: PwnPad Initial Impressions – part 2! (audio)

In this episode I talk about my first-hand experience using the PwnPad for wireless pentesting. Download: 7MS #16: PwnPad Initial Impressions – Part 2 Show notes: In a nutshell: PwnPad is a great tool to simplify/automate some wireless recon and/or hacking! PwnieExpress has a great write-up on mapping APs w/GPS coordinates using Google Earth here:…

31 Touko 20147min

7MS #15: PwnPad Initial Impressions (audio)

7MS #15: PwnPad Initial Impressions (audio)

In this episode I talk about my initial impressions of using the PwnPad for wireless pentesting. Download: 7MS #15: PwnPad Initial Impressions Show notes: Carrying around a Nexus 7 instead of a bulky laptop to do wireless pentesting sure is nice! PwnPad scripts/automates much of the "busy work" to capture WPA handshakes.

24 Touko 20146min

7MS #14: H8 4 Win8 (audio)

7MS #14: H8 4 Win8 (audio)

In this episode I talk about two (sort of) security related tips that I've learned by using Windows 8 wrong. Download: 7MS #14: H8 4 Win8 (audio) Show notes: Windows Defender doesn't seem to auto-update on Win 8 unless you have updates set to auto download/install. I found a nifty script you can add as…

10 Touko 20146min

7MS #13: How to Get Pwned by HP (audio)

7MS #13: How to Get Pwned by HP (audio)

In this episode I talk about how I had to sent my HP laptop in for repair and, to my surprise, it (allegedly) came back with a bonus: malware! Download: 7MS #13: How to Get Pwned by HP (audio) Show notes: My takeaways/recommendations from this experience: See a pic of my FortiClient picking up on…

3 Touko 20147min

7MS #12: Why My Domains Have Gan to Gandi (audio)

7MS #12: Why My Domains Have Gan to Gandi (audio)

In this episode I talk about an account takeover article that freaked me out, and why it changed a few things about how I handle my important online accounts. Download: 7MS #12: Why My Domains Have Gan to Gandi (audio) Show notes: This episode is all about this article (https://medium.com/cyber-security/24eb09e026dd) in which a Twitter user…

28 Huhti 20147min

7MS #11: Overtraining your iPhone Touch ID (video)

7MS #11: Overtraining your iPhone Touch ID (video)

In this episode I totally throw my subscribers for a loop and do a VIDEO podcast about overtraining your Touch ID on your iPhone. Download: 7MS #11: Overtraining your iPhone Touch ID (video) Show notes: I first read about this from Steve Gibson of GRC at https://www.grc.com/sn/sn-440.htm. But I was listening to the audio-only version…

12 Huhti 20143min

7MS #10: Information Security for the Whole Family – part 2 (audio)

7MS #10: Information Security for the Whole Family – part 2 (audio)

In this episode I talk more about some infosec-y things I'm doing on the home front to nurture a security culture (if you will) with my wife and kids. Download: Episode 10: Information Security for the Whole Family – part 2 (audio) Show notes: If you have kids and are considering a tablet for them,…

5 Huhti 20147min

Suosittua kategoriassa Politiikka ja uutiset

rss-ootsa-kuullut-tasta
aikalisa
tervo-halme
ootsa-kuullut-tasta-2
politiikan-puskaradio
viisupodi
rss-podme-livebox
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
rss-vaalirankkurit-podcast
aihe
the-ulkopolitist
rss-polikulaari-humanisti-vastaa-ja-muut-ts-podcastit
rss-hyvaa-huomenta-bryssel
rss-kuka-mina-olen
politbyroo
linda-maria
rss-lets-talk-about-hair
rss-50100-podcast
rss-tekoalyfoorumi