7MS #466: Attacking and Defending Azure AD Cloud (CARTP)
7 Minute Security5 Touko 2021

7MS #466: Attacking and Defending Azure AD Cloud (CARTP)

Welp, I need another security certification like I needed a bunch to the retinas, but even after all the fun (and pain) of CRTP I couldn't help but sign up for the maiden voyage of Attacking and Defending Azure AD Cloud - a.k.a. CARTP. This cert comes to us from our friends over at Pentester Academy, and is all about pwning things in Azure AD which is mostly new ground for me.

I this episode I talk about some of the TTPs covered in week 1 of this course, as well as:

Likes:

  • Courses offered on Saturday (I'm usually pooped for these sessions, but it's easier than taking time during the work week)

  • Student portal - and especially the student guide! - is more polished, easy to read, and easy to copy/paste from.

Dislikes:

  • On Saturdays I'm a sleepy Brian. :-)

  • I still wish the course was designed such that we would go through various hands-on-keyboard exercises with the instructor, not just watch.

  • Use of Discord as main comms channel - it causes anxiety for me...too many blips and bloops and blurps with all the notifications. It's also frustrating that the instructor takes questions from Discord sometimes without repeating the question, thus making it hard to figure out what everybody was talking about if I watch the Zoom reply.

Jaksot(688)

7MS #32: OSCP – part 3 (audio)

7MS #32: OSCP – part 3 (audio)

Been a while since I shared an update on OSCP progress. It’s going good but…slow. However, I do have one (maybe obvious) tip to share that I hope will save you a ton of time. Download: 7MS #32: OSCP – part 3 (audio)

1 Marras 20147min

7MS #31: Network Detective (audio)

7MS #31: Network Detective (audio)

Network Detective is a tool we’ve been using as kind of an addendum to our full security assessment. It gives some nice, plain-English Excel spreadsheets and Word docs that report on AD health and structure, PC inventory and open ports, AV clients that aren’t working right, and a whole lot more. Download: 7MS #31: Network Detective…

25 Loka 20147min

7MS #30: Managing Privileged Accounts (audio)

7MS #30: Managing Privileged Accounts (audio)

Most organizations I talk to have no idea where their privileged accounts are used across the network. I recently saw a demo of a solution called CyberArk, which seems to address that problem. Download: 7MS #30: Managing Privileged Accounts (audio)

18 Loka 20147min

7MS #29: Follow Up Then (audio)

7MS #29: Follow Up Then (audio)

This isn’t necessarily related to security, but it’s about one of my favorite tools to keep my todos organized: FollowUp Then! Download: 7MS #29: Follow Up Then (audio)

11 Loka 20147min

7MS #28: Infosec for Kids? (audio)

7MS #28: Infosec for Kids? (audio)

This is more of a random, wondering aloud type of episode as I think about raising my kids with infosec in mind. Specifically, what’s life going to be like for them growing up in an Internet-soaked world where there are constantly text/video/photos of them going online – to stay forever? Download: 7MS #28: Infosec for Kids?…

27 Syys 20147min

7MS #27: Backing Up with CrashPlan (audio)

7MS #27: Backing Up with CrashPlan (audio)

Hey, when it comes to backups…uh…you should have them! This is a NON-endorsed/sponsored episode about my personal favorite backup service called CrashPlan. Download: 7MS #27: Backing Up with Crashplan (audio)

20 Syys 20147min

7MS #26: The Importance of Training and Awareness (audio)

7MS #26: The Importance of Training and Awareness (audio)

Training and awareness – specifically as it relates to infosec – is something companies can’t spend enough $ on. But from my experience, not enough of them are making this a front-burner priority. This episode talks about one topic I’m particularly passionate about. I call it “How not to click on bad stuff.” Download: 7MS #26:…

13 Syys 20147min

7MS #25: Writing Better Pentest Reports (audio)

7MS #25: Writing Better Pentest Reports (audio)

This episode talks about some pointers, tools and tips towards writing better pentest reports. Download: 7MS #25: Writing Better Pentest Reports (audio)

23 Elo 20148min

Suosittua kategoriassa Politiikka ja uutiset

ootsa-kuullut-tasta-2
rss-podme-livebox
aikalisa
rss-ootsa-kuullut-tasta
politiikan-puskaradio
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
rss-vaalirankkurit-podcast
aihe
rss-sinivalkoinen-islam
rikosmyytit
rss-raha-talous-ja-politiikka
the-ulkopolitist
rss-mina-ukkola
politbyroo
radio-antro
rss-merja-mahkan-rahat
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
linda-maria
rss-hyvaa-huomenta-bryssel