7MS #463: DIY Pentest Dropbox Tips - Part 5
7 Minute Security14 Apr 2021

7MS #463: DIY Pentest Dropbox Tips - Part 5

In the last two episodes of this series (#449 and #450) we've been diving into how to not only speed up the process of spinning up a DIY pentest dropbox, but how to automate nearly the entire build process!

In today's episode we talk specifically about how to streamline the Windows 10 build process. As previously mentioned, this article is awesome for creating a core Win 10 answer file that will format C:, setup a local admin, login once to the configured desktop and then do whatever things you want it to do. Personally, I like having a single batch file get fired off that:

  • Sets the timezone with tzutil /s "Central Standard Time"

  • Stops the VM from falling asleep with powercfg.exe -change -standby-timeout-ac 0

  • Grabs and runs a PS file that does a ton of downloading and unzipping of files with:

invoke-webrequest https://somesite/somefile.zip -outfile c:\somewhere\somefile.zip expand-archive c:\somewhere\somefile.zip -destinationpath "c:\somewhere\extracted\"
  • Installs Windows updates with:
Install-PackageProvider -name nuget -force Install-Module PSWindowsUpdate -force Import-Module PSWindowsUpdate Get-WindowsUpdate Install-WindowsUpdate -AcceptAll -IgnoreReboot
  • Sets a new name for the machine:
Write-Host "Picking a new name for this machine...you'll need to provide your admin pw to do so" Rename-Computer -LocalCredential administrator -PassThru Write-Host "New name accepted!"
  • Does a set of actions depending on the IP range with this code (which sets the IP address to a variable and then does stuff if the machine sits in that subnet):
$ip = ((ipconfig | findstr [0-9].\.)[0]).Split()[-1] f ($ip -like "192.168.0.*") { Invoke-Webrequest https://somesite/somefile.ps1 -OutFile c:\someplace\somefile.ps1 }

Also, I talk in this episode about how I try to host these "seed" files as securely as possible using Amazon Lightsail instances, the built-in firewall, and LetsEncrypt.

Episoder(720)

7MS #64: Wifi Sniffing is Fun-Part 1 (audio)

7MS #64: Wifi Sniffing is Fun-Part 1 (audio)

I got a fun project involving wireless sniffing, followed up by scraping through packets looking for credit card data! Here's part 1, which talks about about software/hardware you might need to do thi...

28 Mai 20157min

7MS #63: I'm Excited to Go Phishing (audio)

7MS #63: I'm Excited to Go Phishing (audio)

This week I'll be launching a phishing campaign against an organization that has been well trained to defend against such malicious attacks and links! Will this organization break my company's 100% su...

21 Mai 20157min

7MS #62: You Should Run LAPS (audio)

7MS #62: You Should Run LAPS (audio)

I'm excited about this! Microsoft has released a tool called Local Administrator Password Solution to help administrators manage local admin credentials for domain-joined machines. Check out this arti...

19 Mai 20157min

7MS #61: Why Local Admin Rights Suck (audio)

7MS #61: Why Local Admin Rights Suck (audio)

Users running as local admins on their machine are a big risk! This episode discusses some reasons why, and also here is the link to the Avecto study I mention regarding how many Microsoft vulnerabili...

14 Mai 20158min

7MS #60: How Not to Suck at Customer Service (audio)

7MS #60: How Not to Suck at Customer Service (audio)

This episode was inspired by two awesome customer service experiences I had in the past week. It got me thinking: how can we as infosec professionals suck less with our customer service approach? 7MS ...

12 Mai 20158min

7MS #59: Traveling with a Red Giant – Part 2 (audio)

7MS #59: Traveling with a Red Giant – Part 2 (audio)

A few episodes back I talked about Red Giant, a cool service that provides you with a pre-paid debit card that can be controlled/locked with your phone. I finally got my card working, and this episode...

7 Mai 20157min

7MS #58: What Should We Do First? (audio)

7MS #58: What Should We Do First? (audio)

At the end of just about every assessment I deliver, the client asks "What should we do first?" They (understandably) want to know a "top 5″ list of things they should change right away to improve the...

5 Mai 20158min

7MS #57: How to Review a Firewall (audio)

7MS #57: How to Review a Firewall (audio)

In this episode I talk about a few different ways to approach firewall reviews/audits. This document was very helpful in getting my template started. Also check out Nipper if you're looking for a fire...

30 Apr 20158min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
popradet
stopp-verden
fotballpodden-2
rss-gukild-johaug
lydartikler-fra-aftenposten
nokon-ma-ga
det-store-bildet
hanna-de-heldige
dine-penger-pengeradet
rss-ness
rss-espen-lee-usensurert
aftenbla-bla
e24-podden
rss-dannet-uten-piano
rss-penger-polser-og-politikk
frokostshowet-pa-p5