7MS #369: Cracking Hashes with NPK
Today's episode is brought to you by my friends at safepass.me. Safepass.me is the most efficient and cost-effective solution to prevent Active Directory users from setting a weak or compromised password. It's in compliance with the latest NIST password guidelines, and is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Today I'm having a blast with cracking hashes quickly and cost-effectively using NPK. For 1+ years I've loved my Paperspace config, but lately I've had some reservations about it: People are telling me they're having problems installing the drivers My methodology for building wordlists with HateCrack doesn't seem to work anymore I often pay a lot of $ for idle time since you pay ~$5/month just for the VM itself, and then a buck and change per hour the box is running - even when it's not cracking anything. This week on a pentest I wasn't capturing many hashes, and when I finally did it was a really valuable one. So I wanted to throw more "oomph" at the hash but don't have a ton of days to spare. Enter NPK which lets you submit a hash, decide how much horsepower to throw at it, and even set a max amount of $ to spend on the effort. Super cool! I'm loving it so far! Note: I did have a heck of a time with the install (I'm sure it was a me thing) so I wrote up this gist to help others who might hit the same issue: Happy crackin'!
28 Jun 201919min
7MS #368: Tales of Pentest Fail
This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out Authentic8. In today's episode, I toss myself under the proverbial security bus and share a tale of pentest fail. Looking back, I think the most important lessons learned were: Scope projects well - I've been part of many over- and under-scoped projects due to PMs and/or sales folks doing an oversimplified calculations, like "URLs times X amount of dollars equals the SOW price." I recommend sending clients a more in-depth questionnaire and even jump on a Web meeting to get a nickel tour of their apps before sending a quote. Train your juniors - IMHO, they should shoulder-surf with more senior engineers a few times and not do much hands-to-keyboard work at first (except maybe helping write the report) until they demonstrate proficiency. Use automated pentest tools with caution - they need proper tuning/care/feeding or they can bring down Web sites and "over test" parameters.
24 Jun 201936min
7MS #367: DIY Two-Hour Risk Assessment
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! Hey! I'm on the road again - this time with a tale encompassing: How to conduct a mini risk assessment in just two hours. Some ways to consider adding value : A discussion of administrative and physical controls Create a network inventory using nmap and Eyewitness Conduct an external vulnerability scan with Nessus or OpenVAS How a guy with a gun turned a four-hour road trip into an epic eight hour adventure. Enjoy :-)
17 Jun 201933min
7MS #366: Tales of Internal Pentest Pwnage - Part 3
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! Today's episode was recorded on the way to a new assessment, and since I had nothing but miles and time in front of me, I covered two major stories (probably not in order of importance): Why I had two get two haircuts in under and hour (spoiler: it's so I didn't look like an idiot for my client)! An internal pentesting pwnage story - including network and physical security this time around! Enjoy!
16 Jun 20191h 6min
7MS #365: Interview with Ryan Manship and Dave Dobrotka - Part 3
This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out Authentic8. First, a bit of miscellany: If you replace "red rain" with "red team" in this song, we might just have a red team anthem on our hands! If you're in the Twin Cities area and looking for an infosec analyst job, check out this posting with UBB. If interested, I can help make an electronic introduction - and/or let 'em know 7 Minute Security sent ya! Ok, in today's program we're talking about red teaming again with our third awesome installment with Ryan and Dave who are professional red teamers! Today we cover: Recon - it's super important! It's like putting together puzzle pieces...and the more of that puzzle you can figure out, less likely you'll be surprised and the more likely you'll succeed at your objective! Reporting - how do you deliver reports in a way that blue team doesn't feel picked on, management understands the risk, and ultimately everybody leaves feeling charged to secure all the things? I also asked the questions folks submitted to me via LinkedIn/Slack: Any tips for the most dreaded part of an assessment (reports)? How do you get around PowerShell v5 with restrict language mode without having the ability to downgrade to v2? What's an alternative to PowerShell tooling for internal pentesting? (hint: C# is the hotness) What certs/skills should I pursue to get better at red teaming (outside of "Hey, go build a lab!"). Are customers happy to get assessed by a red team exercise, or do they do it begrudgingly because of requirements/regulations?
30 Mai 20191h 8min
7MS #364: Tales of External Pentest Pwnage
This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out Authentic8. This episode features cool things I'm learning about external pentesting. But first, some updates: My talk at Secure360 went really well. Only slightly #awkward thing is I felt an overwhelming need to change my title slide to talk about the fact that I don't drink. The 7MS User Group went well. We'll resume in the late summer or early fall and do a session on lockpicking! Wednesday night my band had the honor of singing at a Minnesota LEMA service and wow, what an honor. To see the sea of officers and their supportive families and loved ones was incredibly powerful. On the external pentest front, here are some items we cover in today's show: MailSniper's Invoke-DomainHarvestOWA helps you discover the FQDN of your mail server target. Invoke-UsernameHarvestOWA helps you figure out what username scheme your target is using. Invoke-PasswordSprayOWA helps you do a low and slow password spray to hopefully find some creds! Once inside the network, CrackMapExec is your friend. You can figure out where your compromised creds are valid across the network with this syntax: crackmapexec smb 192.168.0.0/24 -u USER -p ‘PASSWORD’ -d YOURDOMAIN You can also find what shares you have access to with: crackmapexec smb 192.168.0.0/24 -u USER -p ‘PASSWORD’ -d YOURDOMAIN --shares Sift through those shares! They often have VERY delicious bits of information in them :-)
23 Mai 201936min
7MS #363: Interview with Ryan Manship and Dave Dobrotka - Part 2
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! Yuss! It's true! Dave and Ryan are back! Back in episode #326 we met Ryan Manship of RedTeam Security and Dave Dobrotka of United HealthGroup and talked about their cool and exciting careers as professional red teamers. In this follow-up interview (which will be broken into a few parts), we talk through a red team engagement from start to finish. Today we cover questions like: Who should have a red team exercise conducted? Who NEEDS one? How do you choose an objective that makes sense? What do you do about push-back from management and/or scope manipulation? (“Don’t phish our CEO! She’ll click stuff! Attack our servers, just not the production environment!!!”). Spoiler alert: your clients need to have intestinal fortitude! What’s better - a “zero knowledge” red team engagement or a collaborative exercise between testers and their clients? How do you attack a high-security bunker?! How do you conduct a red team exercise without ending up in jail? What does your “get out of jail” card get you - and NOT get you?
15 Mai 201957min
7MS #362: My Dear Friend Impostor Syndrome
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! Today I take a walk (literally!), get chased by a dog (seriously!) and talk about impostor syndrome and feelings of self-loathing and doubt as I get ready to speak at Secure360 next week (insert wah-wah-waaaaaaahhhhhhh here). How do you deal with impostor syndrome? Personally, I'm finding some success in squashing it by forcing myself into situations where I feel like a fraud - over and over again! Over time, I feel slightly less like a sham and a bit more like I know what I'm talking about. Specifically, in this episode I talk about: The thrill of getting a presentation accepted at a conference, and the dread and fear that follows The awful nightmare I have the night before I speak in front of others Shaking off nerves when your talk is accompanied by a sign language interpreter Finding your "voice" and getting the confidence to share/present your knowledge in a way only you can I also share the outline to my "So You Wanna Start a Security Company?" talk, which includes: What are the telltale signs that you should start a security company? How do you find business when everybody and their mom seems to have a security offering? What are some of the tools/services/people that can help your business succeed?
9 Mai 201941min
