7MS #650: Tales of Pentest Pwnage - Part 65
Oooooo, giggidy! Today is (once again) my favorite tale of pentest pwnage. I learned about a feature of PowerUpSQL that helped me find a “hidden” SQL account, and that account ended up being the key to the entire pentest! I wonder how many hidden SQL accounts I’ve missed on past pentests….SIGH! Check out the awesome BloodHound gang thread about this here. Also, can’t get Rubeus monitor mode to capture TGTs to the registry? Try output to file instead: rubeus monitor /interval:5 /nowrap /runfor:60 /consoleoutfile:c:\users\public\some-innocent-looking-file.log In the tangent department, I talk about a personal music project I’m resurrecting to help my community.
15 Marras 202453min
7MS #649: First Impressions of Twingate
Today we take a look at a zero-trust / ditch-your-VPN solution called Twingate (not a sponsor but we’d like them to be)! It also doubles nicely as a primary or backup connection for your DIY pentest dropboxes which we’ve talked about quite a bit here. In other news, we’ve moved from Teachable to Coursestack, so if you’ve bought training/ebooks with us before, you should’ve received some emails from us last Friday and can access our new training portal here. (If you THINK you should’ve received enrollment emails from CourseStack and didn’t, drop us a line here.) In the tangent portion of our program, I give a health update on my mom and dad, and talk about some resources I’m exploring to reduce stress and anxiety after what has been a tough week for many of us.
8 Marras 20241h 12min
7MS #648: First Impressions of Level.io
Hey friends, today I’m sharing my first (and non-sponsored) impressions of Level.io, a cool tool for managing Windows, Mac and Linux endpoints. It fits a nice little niche in our pentest dropbox deployments, it has an attractive price point and their support is fantastic.
1 Marras 202440min
7MS #647: How to Succeed in Business Without Really Crying – Part 19
Today we’re talkin’ business – specifically how to make your report delivery meetings calm, cool and collect (both for you and the client!).
25 Loka 202422min
7MS #645: How to Succeed in Business Without Really Crying - Part 18
Today I do a short travelogue about my trip to Washington, geek out about some cool training I did with Velociraptor, ponder drowning myself in blue team knowledge with XINTRA LABS, and share some thoughts about the conference talk I gave called 7 Ways to Panic a Pentester.
14 Loka 202431min
7MS #644: Tales of Pentest Pwnage – Part 64
Hey! I’m speaking in Wanatchee, Washington next week at the NCESD conference about 7 ways to panic a pentester! Today’s tale of pentest pwnage is a great reminder to enumerate, enumerate, enumerate! It also emphases that cracking NETLM/NETNTLMv1 isn’t super easy to remember the steps for (at least for me) but this crack.sh article makes it a bit easier!
4 Loka 202441min
7MS #643: DIY Pentest Dropbox Tips – Part 11
Today we continue where we left off in episode 641, but this time talking about how to automatically deploy and install a Ubuntu-based dropbox! I also share some love for exegol as an all-in-one Active Directory pentesting platform.
27 Syys 202426min
