7MS #506: Tales of Pentest Pwnage - Part 32

This week I dove into building a Cuckoo Sandbox for malware analysis. There are certainly a ton of posts and videos out there about it, but this entry called Painless Cuckoo Sandbox Installation caught my eye as a good starting point. This article got me about 80% of the way there, and the last 20% proved to be problematic. I got some additional answers from the Cuckoo documentation but still left some answers to be desired. Through a lot of Googling, banging my head against the wall and looking at the GitHub issues list, I finally got everything working. I've taken my entire build process and included it as a gist here. Enjoy!

24 Mai 201815min

Last week I was in the recording studio to record three 7MS commercials aimed at churches. The goal was to educate them on some security topics and close with a "hook" to contact 7MS for help securing your church. The commercials themselves are embedded in this episode so please have a listen and let me know what you think! I'll also let you know (via the podcast) when these commercials hit the air. It's likely the station won't air in your area, but you can catch it on the interwebs if you so desire (thanks again for your support, mom).

18 Mai 201812min

Cracking passwords in the cloud is super fun (listen to last week's episode to learn how to build your own cracking box on the cheap at Paperspace)! In the last couple weeks, customers have asked me about doing a password strength assessment on their Active Directory environment. I asked around and read a bunch of blogs and found a method that I think: Extracts the hashes safely Parses down the dump to contain only the hashes (so that if somebody popped my Paperspace cloud-crackin' box, they'd have just a list of half-cracked hashes and that's it) Does the work pretty automagically I talk about this in more detail in today's podcast, and here's the gist you can follow with all the necessary commands to get AD crackin'!

9 Mai 201813min

I had an absolute ball this week trying to figure out how to crack passwords effectively, and on the cheap, and in the cloud. Today's episode goes into much more detail, and embedded below is the Gist of my approach thus far. If you've got things to add/suggest to this document, let me know! P.S. if you don't see the gist because you're reading this in a podcast-catching app, head to https://7ms.us and look up today's episode and you'll see the gist in all its gisty glory!

2 Mai 201811min

Hey, so this week I am without my main machine - thus no jingle or "jungle boogie" intro music. Feels weird. Feels real weird. Anyway, ya know how I teased last week that 7MS could possibly be coming to a radio station near you? Well I think it's more of a probability than a possibility at this point! I met with a radio exec a few weeks ago and we talked about: Lots of people still listen to the radio (who knew?) Creating a "security minute" spot that would lead to a commercial about 7MS How to write a good commercial "hook" It's difficult to write a 60-second commercial! Targeted advertising at churches, which is an under-served market when it comes to infosec Writing a new (shortened) 7MS jingle More on this today on 7MS!

25 Apr 201812min

We've dug into some pretty technical topics the last few weeks so we're gonna take it easy today. Below are some FAQs and updates I'll cover on today's show: FAQs What security certs should a sales person get? What lav mic should I get for podcasting? How do I know if I'm ready to take the OSCP? When are you gonna do some more YouTube videos? When will the PacktPub project be done? Updates Don't forget to check out these new and/or updated pages on BPATTY: Caldera LAPS PwnedPasswords Speaking engagements I learned that the Cryptolocker song was played as muzak for a security conference. That makes me LOL ;-) Those of you in Minneapolis/St. Paul are invited to join me for Blue Team on a Budget lunch and learn at Manny's - it's on May 3 and hosted by OneIdentity. I'll be at Secure360 on May 16 to give my Blue Team on a Budget talk at 9:30 a.m., and I'll also be hosting our pal Bjorn for his Twin Cities vs. OWASP Juice Shop workshop on May 17. Gonna be awesome - hope you can come to either event (or both!).

19 Apr 201818min

Today is part two of evaluating endpoint solutions, where I primarily focus on Caldera which is an adversary simulation system that's really awesome! You can essentially setup a virtual attacker and cut it loose on some test machines, which is what I did as part of an endpoint protection evaluation project. The attacks simulated are from Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) project. So the big question is...did any of these endpoint solutions catch some of the simulated ATT&CKs? Check out today's podcast to find out! Oh, and I wrote up my quick install guide for Caldera here.

12 Apr 201811min

I've been super pumped about Troy Hunt's Pwned Passwords project ever since it came out - especially when I saw a tweet about using it in Active Directory so that enterprises could essentially stop people from picking previously pwned passwords! That led me to explore the following two solutions: Pwned Passwords DLL This blog entry has everything you need to get started with this GitHub project. If you've got some coding skillz you can probably give everything a quick read and have the DLL installed and running in no time. If you're like me and have little to zero Visual Studio experience, head to my BPATTY site page about Pwned Passwords where I've laid everything out step-by-step! Bottom line is this is a FREE way to check AD passwords against Troy's list of 500M+ previously pwned passwords. Awesome dude! SafePass.me I gave this commercial solution a demo and it worked fine as well. It's about $700 USD and comes packaged in an .MSI file that you simply double-click to install, then reboot the domain controller(s). It looks to do the exact same thing as Pwned Passwords DLL but without having to build a DLL or install it manually.

5 Apr 201817min