7MS #428: Tales of Internal Network Pentest Pwnage - Part 20
7 Minute Security19 Aug 2020

7MS #428: Tales of Internal Network Pentest Pwnage - Part 20

Welcome to another fun tale of internal pentest pwnage! Today's tale includes these helpful informational tidbits:

  • My understanding is that in order for mitm6 relay attacks to work against DCs, those DCs have to have LDAPS config'd properly. Use nmap -sV -p646 name.of.domain.controller to verify this (thanks this site for the tip!)

  • PowerView is awesome when used with Find-InterestingDomainShareFile to find interesting files with the word password or sensitive or other helpful strings.

  • eavesarp helped me identify some weird hosts on weird subnets sending regular bursts of traffic to "interesting" hosts! Check out this video from Black Hills Infosec to learn more.

I've also got some personal updates for you, including:

  • House updates
  • Fighting with the man/woman upstairs
  • My worst Webinar nightmare came true
  • A socially distanced wedding singing experience

Episoder(701)

7MS #132: I Got a New Job - Part 1

7MS #132: I Got a New Job - Part 1

This is a four-part series about my transition to a new job! The topics are as follows: Part 1: When it may be time to look for a new job (or not) Part 2: How to stand out during phone screenings and interviews Part 3: How to gracefully transition from old job to new job Part 4: Here's what I'm doing in my new gig!

1 Jan 20167min

7MS #131: How to Attempt a Two Week Pentest in Two Days

7MS #131: How to Attempt a Two Week Pentest in Two Days

The title says it all. I had two days to pentest a network that probably would've taken two or more people two weeks or more. I laughed. I cried. I had fun.

30 Des 20158min

7MS #130: Sqlmap and Sqlninja FTW

7MS #130: Sqlmap and Sqlninja FTW

This episode talks about some fun I had using sqlmap, and how using it in conjunction with Sqlninja makes me happy to be alive.

29 Des 20157min

7MS #129: Embarrassing Stories

7MS #129: Embarrassing Stories

In this episode I talk about face-planting in my office at the first job I had out of college.

27 Des 20158min

7MS #128: Transparency is King

7MS #128: Transparency is King

In this episode, I talk about a restaurant infosec assessment I did, and how the recommendations coming out of that assessment didn't fit the standard "mold." I also talk about how being transparent and helpful - and NOT billing clients for every tiny little thing - is king.

27 Des 20159min

7MS #127: Intro to HIPAA Assessments

7MS #127: Intro to HIPAA Assessments

This episode covers a few HIPAA tidbits I picked up while preparing for - and executing - a HIPAA security assessment.

27 Des 20159min

7MS #126: Get Your Name Out There

7MS #126: Get Your Name Out There

This episode isn't about infosec exactly, but it talks about how using public resources like LinkedIn, Twitter and blogs to boost your "brand" (though I hate that word) and help you get more connected to the infosec community, job leads and more!

24 Des 20158min

7MS #125: Securing Your Life-Part 2

7MS #125: Securing Your Life-Part 2

Way back in episode #93, I talked about things you can do to secure your life (mortgage review, adequate insurance, estate planning, investments, etc.). This episode continues that train of thought and covers: getting the right amount of life insurance, getting the right home/auto coverage, as well as estate planning.

23 Des 20157min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
popradet
stopp-verden
fotballpodden-2
dine-penger-pengeradet
bt-dokumentar-2
det-store-bildet
nokon-ma-ga
lydartikler-fra-aftenposten
frokostshowet-pa-p5
rss-gukild-johaug
rss-dannet-uten-piano
rss-ness
e24-podden
aftenbla-bla
rss-penger-polser-og-politikk
tut-mediekjr