7 Minute Security14 Apr 2021

7MS #463: DIY Pentest Dropbox Tips - Part 5

In the last two episodes of this series (#449 and #450) we've been diving into how to not only speed up the process of spinning up a DIY pentest dropbox, but how to automate nearly the entire build process!

In today's episode we talk specifically about how to streamline the Windows 10 build process. As previously mentioned, this article is awesome for creating a core Win 10 answer file that will format C:, setup a local admin, login once to the configured desktop and then do whatever things you want it to do. Personally, I like having a single batch file get fired off that:

Sets the timezone with tzutil /s "Central Standard Time"
Stops the VM from falling asleep with powercfg.exe -change -standby-timeout-ac 0
Grabs and runs a PS file that does a ton of downloading and unzipping of files with:

invoke-webrequest https://somesite/somefile.zip -outfile c:\somewhere\somefile.zip expand-archive c:\somewhere\somefile.zip -destinationpath "c:\somewhere\extracted\"

Installs Windows updates with:

Install-PackageProvider -name nuget -force Install-Module PSWindowsUpdate -force Import-Module PSWindowsUpdate Get-WindowsUpdate Install-WindowsUpdate -AcceptAll -IgnoreReboot

Sets a new name for the machine:

Write-Host "Picking a new name for this machine...you'll need to provide your admin pw to do so" Rename-Computer -LocalCredential administrator -PassThru Write-Host "New name accepted!"

Does a set of actions depending on the IP range with this code (which sets the IP address to a variable and then does stuff if the machine sits in that subnet):

$ip = ((ipconfig | findstr [0-9].\.)[0]).Split()[-1] f ($ip -like "192.168.0.*") { Invoke-Webrequest https://somesite/somefile.ps1 -OutFile c:\someplace\somefile.ps1 }

Also, I talk in this episode about how I try to host these "seed" files as securely as possible using Amazon Lightsail instances, the built-in firewall, and LetsEncrypt.

Oppdag Premium

Prøv 14 dager gratis

Kjøp Premium

Episoder(719)

7MS #695: Tales of Pentest Pwnage - Part 78

Today's tale of pentest pwnage involves: Using mssqlkaren to dump sensitive goodies out of SCCM Using a specific fork of bloodhound to find machines I could force password resets on (warning: don't d...

3 Okt 202515min

7MS #694: Tales of Pentest Pwnage – Part 77

Hey friends, today I talk about how fun it was two combine two cool pentest tactics, put them in a blender, and move from local admin to mid-tier system admin access (with full control over hundreds o...

26 Sep 202533min

7MS #693: Pwning Ninja Hacker Academy – Part 3

This week your pal and mine Joe "The Machine" Skeen kept picking away at pwning Ninja Hacker Academy. To review where we've been in parts 1 and 2: We found a SQL injection on a box called SQL, got a...

19 Sep 202528min

7MS #692: Tales of Pentest Pwnage – Part 76

Happy Friday! Today's another hot pile of pentest pwnage. To make it easy on myself I'm going to share the whole narrative that I wrote up for someone else: I was on a pentest where a DA account would...

12 Sep 202532min

7MS #691: Tales of Pentest Pwnage – Part 75

Holy schnikes, today might be my favorite tale of pentest pwnage ever. Do I say that almost every episode? yes. Do I mean it? Yes. Here are all the commands/links to supplement today's episode: Got a...

5 Sep 202531min

7MS #690: Tales of Pentest Pwnage – Part 74

Today's tale of pentest pwnage is a classic case of "If your head is buried in the pentest sand, pop it out for a while, touch grass, and re-enumerate what you've already enumerated, because that can ...

29 Aug 202521min

7MS #689: Pwning Ninja Hacker Academy – Part 2

Hello friends! Today your friend and mine, Joe "The Machine" Skeen joins me as we keep chipping away at pwning Ninja Hacker Academy! Today's pwnage includes: "Upgrading" our Sliver C2 connection to...

22 Aug 202515min

7MS #688: Building a Pentest Training Course Is Fun and Frustrating

Today I talk about a subject I love while also driving me crazy at the same time: building a pentest training course! Specifically, I dissect a fun/frustrating GPO attack that I need to build very car...

16 Aug 202522min

Reklamefrie Premium-podkaster

Hør populære podkaster som Storefri med Mikkel og Herman, Ida med hjertet i hånden, Krimpodden og mye mye mer

Skap din egen podkastboble

I appen skaper du ditt eget bibliotek med favoritter, og vi gir deg også anbefalinger til podkaster du ikke kan gå glipp av.

Prøv 14 dager gratis

Dersom du er ny Podme-bruker får du 14 dager gratis prøveperiode når du oppretter abonnement

Premium

99 kr/ måned

Tilgang til alle våre Premium-podkaster
Alle podkaster fra VG, Aftenposten, BT og SA
Reklamefritt Premium-innhold
Ingen bindingstid. Avslutt når du ønsker

Prøv 14 dager gratis

Premium

129 kr/ måned

Tilgang til alle Premium-podkaster
Alle podkaster fra VG, Aftenposten, BT og SA
Reklamefritt Premium-innhold
Ingen bindingstid. Avslutt når du ønsker
En Ekstra bruker

Prøv 14 dager gratis

Populært innen Politikk og nyheter

Historiene og stemmene du vil høre

Ubegrenset tilgang til alle dine favorittpodkaster og lydbøker

Les mer