7MS #533: Tales of Pentest Pwnage - Part 40
7 Minute Security12 Aug 2022

7MS #533: Tales of Pentest Pwnage - Part 40

Ok, ok, I know. I almost always say something like "Today is my favorite tale of pentest pwnage." And guess what? Today is my favorite tale of pentest pwnage, and I don't even know how it's going to end yet, so stay tuned to next week's (hopefully) exciting conclusion. For today, though, I've got some pentest tips to hopefully help you in your journeys of pwnage:

  • PowerHuntShares is awesome at finding SMB shares and where you have read/write permissions on them. Note there is a -Threads flag to adjust the intensity of your scan.
  • Are your mitm6 attacks not working properly - even though they look like they should? There might be seem LDAP/LDAPs protections in play. Use LdapRelayScan to verify!
  • Are you trying to abuse Active Directory Certificate Services attack ESC1 but things just don't seem to be working? Make sure the cert you are forging is properly representing the user you are trying to spoof by using Get-LdapCurrentUser.ps1. Also look at PassTheCert as another tool to abuse ADCS vulnerabilities.

Example syntax for LdapCurrentUser:

Get-LdapCurrentUser -certificate my.pfx -server my.domain.controller:636 -usessl -CertificatePassword admin

  • If you manage to get your hands on an old Active Directory backup, this PowerShell snippet will help you get a list of users from the current domain, sorted by passwordlastset. That way you can quickly find users who haven't changed their password since the AD backup:

get-aduser -filter * -server victimdomain.local -properties pwdlastset,passwordlastset,enabled | where { $_.Enabled -eq $True} | select-object samaccountname,passwordlastset | sort-object passwordlastset

Episoder(683)

7MS #59: Traveling with a Red Giant – Part 2 (audio)

7MS #59: Traveling with a Red Giant – Part 2 (audio)

A few episodes back I talked about Red Giant, a cool service that provides you with a pre-paid debit card that can be controlled/locked with your phone. I finally got my card working, and this episode’s about some cool things I learned about it. 7MS #59: Traveling with a Red Giant – Part 2 (audio)

7 Mai 20157min

7MS #58: What Should We Do First? (audio)

7MS #58: What Should We Do First? (audio)

At the end of just about every assessment I deliver, the client asks “What should we do first?” They (understandably) want to know a “top 5″ list of things they should change right away to improve their security posture. Today’s episode explores that a bit. 7MS #58: What Should We Do Next? (audio)

5 Mai 20158min

7MS #57: How to Review a Firewall (audio)

7MS #57: How to Review a Firewall (audio)

In this episode I talk about a few different ways to approach firewall reviews/audits. This document was very helpful in getting my template started. Also check out Nipper if you’re looking for a firewall review/audit tool. 7MS #57: How to Review a Firewall (audio)

30 Apr 20158min

7MS #56: OFFTOPIC – Catching Up and Blowing Noses (audio)

7MS #56: OFFTOPIC – Catching Up and Blowing Noses (audio)

A few offtopic things: What you can expect as far as a podcast release schedule going forward Two suspicious charges that showed up on my credit card while out of town! 7MS #56: OFFTOPIC – Catching Up and Blowing Noses (audio)

28 Apr 20158min

7MS #55: OFFTOPIC – What’s in Brian’s Murse? (video)

7MS #55: OFFTOPIC – What’s in Brian’s Murse? (video)

Ok I don’t really have a murse, but I wanted to do a short video(!) podcast to show you some sorta-security-related gadgets that I’ve been nerding out on the last few weeks. 7MS #55: OFFTOPIC – What’s in Brian’s Murse? (video)

22 Apr 20156min

7MS #54: Traveling with a Red Giant (audio)

7MS #54: Traveling with a Red Giant (audio)

If you’re concerned about your credit/debit card security, you might want to give Red Giant a try. It’s a service that provides a debit card you can unlock *only* when buying something. It’s cool. Oh, and Red Giant is NOT sponsoring this episode. If I ever get sponsors, I’ll disclose them clearly. :-) 7MS #54:…

16 Apr 20157min

7MS #53: Are You Ready to Get Robbed? (audio)

7MS #53: Are You Ready to Get Robbed? (audio)

Business DR plans are a hugely important – and often overlooked – piece of the infosec puzzle. But what about at home? If you got run over by a bus tomorrow, would you have good plans in place to help your partner/spouse take over the tech side of your household? That’s what we’re talkin’ about…

14 Apr 20157min

7MS #52: OFFTOPIC – My Son is Really Loyal (audio)

7MS #52: OFFTOPIC – My Son is Really Loyal (audio)

It’s another off-topic episode today. This one’s about how my eight-year-old son is fiercely loyal, and wants to settle a 25-year-old score for me. 7MS #52: OFFTOPIC – My Son is Really Loyal (audio)

9 Apr 20158min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
stopp-verden
popradet
nokon-ma-ga
dine-penger-pengeradet
det-store-bildet
fotballpodden-2
aftenbla-bla
e24-podden
unitedno
rss-ness
rss-penger-polser-og-politikk
rss-fredrik-og-zahid-loser-ingenting
bt-dokumentar-2
rss-borsmorgen-okonominyhetene
oppdatert
chit-chat-med-helle