7MS #654: Tales of Pentest Pwnage – Part 67
7 Minute Security13 Joulu 2024

7MS #654: Tales of Pentest Pwnage – Part 67

Today we’ve got some super cool stuff to cover today! First up, BPATTY v1.4 is out and has a slug of cool things:

  • A whole new section on old-school wifi tools like airmon-ng, aireplay-ng and airodump-ng
  • Syntax on using two different tools to parse creds from Dehashed
  • An updated tutorial on using Gophish for phishing campaigns

The cocoa-flavored cherry on top is a tale of pentest pwnage that includes:

  • Abusing SCCM
  • Finding gold in SQL configuration/security audits

Jaksot(681)

7MS #642: Interview with Ron Cole of Immersive Labs

7MS #642: Interview with Ron Cole of Immersive Labs

Ron Cole of Immersive Labs joins us to talk pentest war stories, essential skills he learned while serving on a SOC, and the various pentest training and range platforms you can use to sharpen your security skills! Here are the links Ron shared during our discussion: VetSec Fortinet Veterans Program Immersive Labs Cyber Million FedVTE

23 Syys 202442min

7MS #641: DIY Pentest Dropbox Tips – Part 10

7MS #641: DIY Pentest Dropbox Tips – Part 10

Today we’re revisiting the fun world of automating pentest dropboxes using Proxmox, Ansible, Cursor and Level.  Plus, a tease about how all this talk about automation is getting us excited for a long-term project: creating a free/community edition of Light Pentest LITE training!

13 Syys 202427min

7MS #640: Tales of Pentest Pwnage – Part 63

7MS #640: Tales of Pentest Pwnage – Part 63

This was my favorite pentest tale of pwnage to date!  There’s a lot to cover in this episode so I’m going to try and bullet out the TLDR version here: Sprinkled farmer files around the environment Found high-priv boxes with WebClient enabled Added “ghost” machine to the Active Directory (we’ll call it GHOSTY) RBCD attack to be able to impersonate a domain admin using the CIFS/SMB service against the victim system where some higher-priv users were sitting Use net.py to add myself to local admin on the victim host Find a vulnerable service to hijack and have run an evil, TGT-gathering Rubeus.exe – found that Credential Guard was cramping my style! Pulled the TGT from a host not protected with Credential Guard Figured out the stolen user’s account has some “write” privileges to a domain controller Use rbcd.py to delegate from GHOSTY and to the domain controller Request a TGT for GHOSTY Use getST.py to impersonate CIFS using a domain admin account on the domain controller (important thing here was to specify the DC by its FQDN, not just hostname) Final move: use the domain admin ccache file to leverage net.py and add myself to the Active Directory Administrators group

7 Syys 202443min

7MS #639: Tales of Pentest Pwnage - Part 62

7MS #639: Tales of Pentest Pwnage - Part 62

Today’s tale of pentest pwnage talks about the dark powers of the net.py script from impacket.

3 Syys 20247min

7MS #638: Tales of Pentest Pwnage – Part 61

7MS #638: Tales of Pentest Pwnage – Part 61

Today we’re talking pentesting – specifically some mini gems that can help you escalate local/domain/SQL privileges: Check the C: drive! If you get local admin and the system itself looks boring, check root of C – might have some interesting scripts or folders with tools that have creds in them. Also look at Look at Get-ScheduledTasks Find ids and passwords easily in Snaffler output with this Snaffler cleaner script There’s a ton of gold to (potentially) be found in SQL servers – check out my notes on using PowerUpSQL to find misconfigs and agent jobs you might able to abuse!

23 Elo 202432min

7MS #637: BPATTY[RELOADED] Release Party

7MS #637: BPATTY[RELOADED] Release Party

Hello friends, I’m excited to release BPATTY[RELOADED] into the world at https://bpatty.rocks! – which stands for Brian’s Pentesting and Technical Tips for You! It’s a knowledge base of IT and security bits that help me do a better job doing security stuff! Today I do an ACTUAL 7-minute episode (GASP…what a concept!) covering my favorite bits on the site so far. Enjoy!

17 Elo 20247min

7MS #636: A Prelude to BPATTY(RELOADED)

7MS #636: A Prelude to BPATTY(RELOADED)

Artificial hype alert!  I’m working on a NEW version of BPATTY (Brian’s Pentesting and Technical Tips for You), but it is delayed because of a weird domain name hostage negotiation situation.  It’s weird.  But in the meantime I want to talk about the project (which is a pentest documentation library built on Docusaurus) and how I think it will be bigger/better/stronger/faster/cooler than BPATTY v1 (which is now in archive/read-only mode).

12 Elo 202411min

7MS #635: Eating the Security Dog Food - Part 7

7MS #635: Eating the Security Dog Food - Part 7

Today we’re talking about eating the security dog food – specifically: Satisfying critical security control #1 Using the Atlassian family of tools to create a ticketing/change control system and wrap it into an asset inventory Leveraging Wazuh as a security monitoring system (with eventual plans to leverage its API to feed Atlassian inventory data)

3 Elo 202445min

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
ootsa-kuullut-tasta-2
aikalisa
politiikan-puskaradio
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
rss-vaalirankkurit-podcast
aihe
rikosmyytit
politbyroo
rss-mina-ukkola
rss-raha-talous-ja-politiikka
rss-kyselytunti
rss-uutisia-euroopan-parlamentista
rss-suoraan-asiaan
rss-sinivalkoinen-islam
rss-kaikki-paskaksi-ystavat
rss-kaikki-uusiksi
rss-hyvaa-huomenta-bryssel
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset