7MS #664: What I’m Working on This Week
In today’s episode I talk about what I’m working on this week, including: Playing with Sliver C2 and pairing it with ShellcodePack Talking about Netexecer, my upcoming tool that helps automate some of the early/boring stuff in an internal pentest A gotcha to watch out for if utilizing netexec’s MSSQL upload/download functionality
28 Helmi 25min
7MS #663: Pentesting GOAD SCCM
Today we live-hack an SCCM server via GOAD SCCM using some attack guidance from Misconfiguration Manager! Attacks include: Unauthenticated PXE attack PXE (with password) attack Relaying the machine account of the MECM box over to the SQL server to get local admin
21 Helmi 29min
7MS #662: Pentesting Potatoes - Part 2
Hi friends, today we're talking about pentesting potatoes (not really, but this episode is sort of a homage to episode 333 where I went to Boise to do a controls assessment and ended up doing an impromptu physical pentest and social engineer exercise). I talk about what a blast I'm having hunting APTs in XINTRA LABS, and two cool tools I'm building with the help of Cursor: A wrapper for Netexec that quickly finds roastable users, machines without SMB signing, clients running Webclient and more. A sifter of Snaffler-captured files to zero in even closer on interesting things such as usernames and passwords in clear text.
14 Helmi 37min
7MS #661: Baby’s First Hetzner and Ludus – Part 2
Today we continue our journey from last week where we spun up a Hetzner cloud server and Ludus.cloud SCCM pentesting range! Topics include: Building a Proxmox Backup Server (this YouTube video was super helpful) Bridging a second WAN IP to the Hetzner/Ludus server Wrestling with the Hetzner (10-rule limit!) software firewall When attacking SCCM – you can get a version of pxethief that runs in Linux!
8 Helmi 37min
7MS #660: Baby's First Hetzner and Ludus
I had an absolute ball this week spinning up my first Hetzner server, though it was not without some drama (firewall config frustrations and failing hard drives). Once I got past that, though, I got my first taste of the amazing world of Ludus.cloud, where I spun up a vulnerable Microsoft SCCM lab and have started to pwn it. Can’t say enough good things about Ludus.cloud, but I certainly tried in this episode!
1 Helmi 34min
7MS #659: Eating the Security Dog Food - Part 8
Today I’m excited about some tools/automation I’ve been working on to help shore up the 7MinSec security program, including: Using Retype as a document repository Leveraging the Nessus API to automate the downloading/correlating of scan data Monitoring markdown files for “last update” changes using a basic Python script
24 Tammi 28min
7MS #658: WPA3 Downgrade Attacks
Hey friends, today we cover: The shiny new 7MinSec Club BPATTY updates A talk-through of the WPA3 downgrade attack, complemented by the YouTube livestream
17 Tammi 32min
7MS #657: Writing Rad Security Documentation with Retype
Hello friends! Today we’re talking about a neat and quick-to-setup documentation service called Retype. In a nutshell, you can get Retype installed on GitHub pages in about 5 minutes and be writing beautiful markdown pages (with built-in search) immediately. I still absolutely love Docusaurus, but I think Retype definitely gives it a run for its money.
10 Tammi 20min
