7MS #427: Interview with Ameesh Divatia from Baffle

Today we continue our SIEM/SOC evaluation series with a closer look at one particular managed solution and how it fared (very well) against a very hostile environment: the Light Pentest LITE pentesting course! Spoiler alert: this solution was able to detect: RDP from public IPs Password spraying Kerberoasting Mimikatz Recon net commands Hash dumping Hits on a "honey domain admin" account Users with non-expiring passwords Hits on the SSH/FTP/HTTP honeypot

17 Nov 202139min

10 Nov 202145min

Hey, remember back in episode #357 where we introduced 7MOIST (7 Minutes of IT and Security Tips)? Yeah, me neither :-). Anyway, we're back with the second edition of 7MOIST and have some cool pentesting and general IT tips that will hopefully make your life a little awesome-r: Stuck on a pentest because EDR keeps gobbling your payloads? SharpCradle might just save the day! CrackMapExec continues to learn new awesome tricks - including a module called slinky that plants hash-grabbing files on shares you have write access to! Browsing 17 folders deep in Windows Explorer and wish you could just pop a cmd.exe from right there? You can! Just click into the path where you're browsing, type cmd.exe, hit Enter and BOOM! Welcome to a prompt right at that folder!

4 Nov 20217min

Hello friends! We're long overdue for a tale of pentest pwnage, and this one is a humdinger! It's actually kind of three tales in one, focusing on pentesting wins using: Manual "open heart surgery" on the root of the Active Directory domain The new totally rad DHCP poisoning module of Responder An opportunity to abuse GPOs with SharpGPOAbuse (P.S. we talked about this tool about a year ago in episode 441)

28 Okt 202156min

Today we're joined by Louis Evans of Arctic Wolf to talk about all things cyber insurance, including: History on cyber insurance - who's buying it, what it does and doesn't cover, and when it started to be something you didn't want to leave home without What are insurance companies asking/demanding of customers before writing a cyber insurance policy? What basic things organizations can do to reduce malware/ransomware incidents (whether they are considering a cyber insurance policy or not)? How do I evaluate the various insurance carriers out there and pick a good one?

20 Okt 202152min

Hey friends! Today we're going to recap the SIEM/SOC players we've evaluated so far (Arctic Wolf, Elastic, Sumo Logic, Milton Security) and then talk about a new contender that was brought to our attention: Blumira (not a sponsor, but I'm really digging what I'm seeing/hearing/experiencing thus far)!

13 Okt 202142min

Today we're talking about Ping Castle (not a sponsor), an awesome tool for enumerating tons of info out of your Active Directory environment and identifying weaknesses, misconfigurations and paths to escalation! It's wonderful for both red and blue teamers. Some of Ping Castle's cool features include being able find: Kerberoastable and ASREPRoastable users Plain text passwords lingering in Group Policy Objects Users with never-expiring passwords Non-supported versions of Windows Machines configured with unconstrained delegation Attack and escalation paths to Domain Admins

6 Okt 202158min

Today we continue our series focused on building a security consultancy and talk about: A phishing campaign that went off the rails, and lessons learned from it First impressions of an awesome tool to help add MFA to your Active Directory (not a sponsor) A tangent story about how my wife brought some thieves to justice!

29 Sep 202143min