7MS #353: Tales of Internal Pentest Pwnage - Part 1
7 Minute Security22 Mar 2019

7MS #353: Tales of Internal Pentest Pwnage - Part 1

Buckle up! This is one of my favorite episodes.

Today I'm kicking off a two-part series that walks you through a narrative of a recent internal pentest I worked on. I was able to get to Domain Admin status and see the "crown jewels" data, so I thought this would be a fun and informative narrative to share. Below are some highlights of topics/tools/techniques discussed:

Building a pentest dropbox

The timing is perfect - my pal Paul (from Project7) and Dan (from PlexTrac) have a two-part Webinar series on building your own $500 DIY Pentest Lab, but the skills learned in the Webinars translate perfectly into making a pentest dropbox. Head to our webinars page for more info.

Securing a pentest dropbox

What I did with my Intel NUC pentest dropbox is build a few VMs as follows:

  • Win 10 pro management box with Bitlocker drive encryption and Splashtop (not a sponsor) which I like because it offers 2FA and an additional per-machine password/PIN. I think I spent $100/year for it.

  • Kali attack box with an encrypted drive (Kali makes this easy by offering you this option when you first install the OS).

Scoping/approaching a pentest

From what I can gather, there are (at least) two popular schools of thought as it relates to approaching a pentest:

  • From the perimeter - where you do a lot of OSINT, phish key users, gain initial access, and then find a path to privilege from there.

  • Assume compromise - assume that eventually someone will click a phishing link and give bad guys a foothold on the network, so you have the pentester bring in a Kali box, plug it into the network, and the test begins from that point.

Pentest narrative

For one of the tests I worked on, here were some successes and challenges I had along the way:

Check out the show notes at 7MS.us as there's lots more good info there!

Episoder(688)

7MS #151: Friday Infosec News and Links Roundup

7MS #151: Friday Infosec News and Links Roundup

Here are some of my favorite stories and links for this week! Training opportunities NMAP course from Udemy - $24 for a limited time (I think) How to handle the the thoughtless compliance zombie hordes - by BHIS is coming up Tuesday February 16th from 2-3 ET. The price is free! Pivot Project touts itself as "a portfolio of interesting, practical, enlightening, and often challenging hands-on exercises for people who are trying to improve their mastery of important cybersecurity skills. News It is absurdly easy for attackers to destroy your Web site in 10 minutes. Secure your home network better using advice from the SANS Ouch! newsletter. Chromodo (part of Comodo's Internet Security)disables same-origin policy which basically disables Web security. Wha?! Virus total now looks at firmware images as well. We can soon wave goodbye to Java in the browser forever!. Kinda. Tools Here's a nice SSL/TLS-checking checklist for pentesters. Kali is moving to a rolling release configuration pretty soon. Update yours before April 15!

5 Feb 201611min

7MS #150: OFF-TOPIC-Bone Tomahawk / Goodnight Mommy / Comedy Loves Misery

7MS #150: OFF-TOPIC-Bone Tomahawk / Goodnight Mommy / Comedy Loves Misery

Preview16 wordsIn today's off-topic episode I review the following movies: Bone Tomahawk Goodnight Mommy Misery Loves Comedy

3 Feb 201610min

7MS #149: Securing Your Life - Part 3

7MS #149: Securing Your Life - Part 3

This episode continues the series on securing your life - making sure all the security stuff related to your life is in order. Today we're particularly focusing on preparing to travel. What if (God forbid) the plane goes down? Who has access to your money, passwords, etc.?

1 Feb 20168min

7MS #148: OFF-TOPIC - Apple Watch Review

7MS #148: OFF-TOPIC - Apple Watch Review

Yep, there are tons of people/blogs/magazines/children/pets who have provided reviews of the Apple Watch. This is mine.

28 Jan 20169min

7MS #147: DIY Hosted Mutillidae

7MS #147: DIY Hosted Mutillidae

In this episode I talk about how to build a cheap hosted Mutillidae server to safely hack away on while keeping other Internet prowlers out. Here are the basic commands to run to lock down the Digital Ocean droplet's iptables firewall: *Flush existing rules* **sudo iptables -F** *Allow all concurrent connections* **sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT** *Allow specific IPs/hosts to access port 80* **sudo iptables -A INPUT -p tcp -s F.Q.D.N --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT** *Allow specific IPs/hosts to access port 22* **sudo iptables -A INPUT -p tcp -s F.Q.D.N --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT** *Block all other traffic:* **sudo iptables -P INPUT DROP** *Provide the VPS loopback access:* **sudo iptables -I INPUT 1 -i lo -j ACCEPT** *Install iptables-persistent to ensure rules survive a reboot:* **sudo apt-get install iptables-persistent** *Start iptables-persistent service* **sudo service iptables-persistent start** *If you make iptables changes after this and they don't seem to stick, do this:* **sudo iptables-save > /etc/iptables/rules.v4** See this Digital Ocean article for more information.

26 Jan 20168min

7MS #146: Friday Infosec News and Links Roundup

7MS #146: Friday Infosec News and Links Roundup

Here are some of my favorite stories and links for this week! If you missed last week's BURN IT ALL! Webcast, it's now online as a Youtube video. There is still time to register for the Real World Web Penetration Testing Webinar. It's(Thursday, January 28 @ 1 p.m. CST) and $25 (cheap!) Trustwave is in big trouble after failing to find hackers under their noses. Their noses mustreally hurt because Mandiant was quick to point out the work done by Trustwave was "woefully inadequate." I'm scared of IoT stuff. Why? Oh, I don't know, because what happens when your Nest fails and leaves your buttcheeks freezing cold?!?!? Or what if hackers steal your doorbell, and thus your wifi password and pwn your network? Thankfully, OWASP now now has a top 10 for IoT stuff too. A researcher found some clever ways to abuse Lastpass with an exploit called Lostpass. Lastpassresponded with a security change wherein a Lastpass authentication from a new device requires approval via email. A new Sysinternals tool helps figure out if you have shady, unsigned files in c:\windows\system32. Oh, and for sure upgrade all your iThings ASAP. Apple patched some ugly security holes.

23 Jan 201610min

7MS #145: OFF-TOPIC - Sicario and The Walk

7MS #145: OFF-TOPIC - Sicario and The Walk

In today's off-topic episode I review two movies: Sicario and The Walk.

21 Jan 20167min

7MS #144: Shoulder-Surfing with Seasoned Pentesters

7MS #144: Shoulder-Surfing with Seasoned Pentesters

I recently had the opportunity to shoulder-surf with some seasoned Webapp pentesters, and wanted to share what I learned about their tools, techniques and methodologies.

18 Jan 20167min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
hva-star-du-for
stopp-verden
popradet
nokon-ma-ga
fotballpodden-2
det-store-bildet
dine-penger-pengeradet
aftenbla-bla
unitedno
bt-dokumentar-2
e24-podden
rss-dannet-uten-piano
rss-penger-polser-og-politikk
rss-ness
frokostshowet-pa-p5
rss-borsmorgen-okonominyhetene