7MS #364: Tales of External Pentest Pwnage
7 Minute Security23 Touko 2019

7MS #364: Tales of External Pentest Pwnage

This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out Authentic8.

This episode features cool things I'm learning about external pentesting. But first, some updates:

  • My talk at Secure360 went really well. Only slightly #awkward thing is I felt an overwhelming need to change my title slide to talk about the fact that I don't drink.

  • The 7MS User Group went well. We'll resume in the late summer or early fall and do a session on lockpicking!

  • Wednesday night my band had the honor of singing at a Minnesota LEMA service and wow, what an honor. To see the sea of officers and their supportive families and loved ones was incredibly powerful.

On the external pentest front, here are some items we cover in today's show:

  • MailSniper's Invoke-DomainHarvestOWA helps you discover the FQDN of your mail server target. Invoke-UsernameHarvestOWA helps you figure out what username scheme your target is using. Invoke-PasswordSprayOWA helps you do a low and slow password spray to hopefully find some creds!

  • Once inside the network, CrackMapExec is your friend. You can figure out where your compromised creds are valid across the network with this syntax:

crackmapexec smb 192.168.0.0/24 -u USER -p ‘PASSWORD’ -d YOURDOMAIN

You can also find what shares you have access to with:

crackmapexec smb 192.168.0.0/24 -u USER -p ‘PASSWORD’ -d YOURDOMAIN --shares

Sift through those shares! They often have VERY delicious bits of information in them :-)

Jaksot(695)

7MS #71: OFFTOPIC-Mad Max (audio)

7MS #71: OFFTOPIC-Mad Max (audio)

We’re going totally off topic today and doing a movie review of Mad Max! 7MS #71: OFFTOPIC-Mad Max (audio)

23 Kesä 20158min

7MS #70: Get the Most out of Your DNS! (audio)

7MS #70: Get the Most out of Your DNS! (audio)

I’m pumped to talk about an about an awesome, free little tool that made my Internet connection feel like new again. 7MS #70: Get the Most out of Your DNS! (audio)

18 Kesä 20157min

7MS #69: I’m Not Responsible for Your Information Insecurity (audio)

7MS #69: I’m Not Responsible for Your Information Insecurity (audio)

Are you too hard on yourself? Do you think the success of your client’s infosec program lives and dies with you? Listen to this episode. You might feel better. 7MS #69: I’m Not Responsible for Your Information Insecurity (audio)

16 Kesä 20158min

7MS #68: Is Training and Awareness Worth It or Worthless (audio)

7MS #68: Is Training and Awareness Worth It or Worthless (audio)

This episode is about something that got my undies in a bunch – I heard a security expert imply that training and awareness might be worthless! 7MS #68: Is Training and Awareness Worth It or Worthless (audio)

11 Kesä 20158min

7MS #67: Wifi Sniffing is Fun-Part 2 (audio)

7MS #67: Wifi Sniffing is Fun-Part 2 (audio)

This is a follow-up to episode #64, in which I did some fun wireless sniffing and tried to find sensitive data within it! In the episode I talk about the network “map” of my sniffing setup. It looks like this: Ethernet from client->upstream port of hub My laptop with Wireshark->Hub Wifi access point->Hub To find…

9 Kesä 20157min

7MS #66: I’m Excited to Go Phishing – Part 2 (audio)

7MS #66: I’m Excited to Go Phishing – Part 2 (audio)

This is a follow-up to episode #63, discussing the results of a fun phishing campaign I recently completed. 7MS #66: I’m Excited to Go Phishing – Part 2 (audio)

4 Kesä 20158min

7MS #65: OFFTOPIC-Still Alice (audio)

7MS #65: OFFTOPIC-Still Alice (audio)

Warning, this episode is off topic and has NOTHING to do with infosec! Nope! Instead, it’s a review of the movie Still Alice. Yep. That happened. 7MS #65: OFFTOPIC-Still Alice (audio)

3 Kesä 20157min

7MS #64: Wifi Sniffing is Fun-Part 1 (audio)

7MS #64: Wifi Sniffing is Fun-Part 1 (audio)

I got a fun project involving wireless sniffing, followed up by scraping through packets looking for credit card data! Here’s part 1, which talks about about software/hardware you might need to do this the right way. 7MS #64: Wifi Sniffing is Fun-Part 1 (audio)

28 Touko 20157min

Suosittua kategoriassa Politiikka ja uutiset

rss-ootsa-kuullut-tasta
aikalisa
ootsa-kuullut-tasta-2
rss-podme-livebox
politiikan-puskaradio
rss-vaalirankkurit-podcast
otetaan-yhdet
the-ulkopolitist
linda-maria
et-sa-noin-voi-sanoo-esittaa
rikosmyytit
mita-koulussa-ei-opetettu
rss-hyvaa-huomenta-bryssel
popcorn-with-esko
rss-kovin-paikka
rss-kaikki-uusiksi
rss-merja-mahkan-rahat
rss-tyolinjalla-pekka-sauri
rss-raha-talous-ja-politiikka