7MS #589: Tales of Pentest Pwnage - Part 51
7 Minute Security15 Sep 2023

7MS #589: Tales of Pentest Pwnage - Part 51

In today's tale of pentest pwnage we talk about:

  • The importance of local admin and how access to even one server might mean instant, full control over their backup or virtualization infrastructure

  • Copying files via WinRM when copying over SMB is blocked:

$sess = New-PSSession -Computername SERVER-I-HAVE-LOCAL-ADMIN-ACCESS-ON -Credential *

...then provide your creds...and then:

copy-item c:\superimportantfile.doc -destination c:\my-local-hard-drive\superimportantfile.doc -fromsession $sess
  • If you come across PowerShell code that crafts a secure string credential, you may able to decrypt the password variable with:
[System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($MyVarIWantToDecryptGoesHere))

Episoder(683)

7MS #3: Patch Strategies: Part 1 (audio)

7MS #3: Patch Strategies: Part 1 (audio)

In this episode I talk about some trends (and problems) we’re seeing on the patching front – specifically OS and third-party apps. Download: Episode 3: Patch Strategies: Part 1 (audio) Show notes: Most organizations have the Microsoft side of the house patched well – but the third party apps (Java/Flash/Reader/etc.)? Not so much…but that’s just…

13 Feb 20147min

7MS #2: The Importance of Logging and Alerting! (audio)

7MS #2: The Importance of Logging and Alerting! (audio)

In this episode I talk about how a client of ours learned a hard lesson: that the lack of logging/alerting makes for a pretty miserable investigation after they were breached. Download: Episode 2: The Importance of Logging and Alerting! (audio) Show notes: Public-facing terminal servers without 2FA basically have a sign on their back that…

1 Feb 20147min

7MS #1: Epic Introduction! (audio)

7MS #1: Epic Introduction! (audio)

In this episode, I talk about the inspiration behind the 7MS podcast and my vision for it going forward. (Admittedly, my ulterior motive is to use this intro episode to figure out how in the heck to get this podcast submitted and visible on iTunes :-). Download Episode 1: Epic Introduction to 7MS (MP3) I’ll…

1 Feb 20147min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
stopp-verden
popradet
nokon-ma-ga
dine-penger-pengeradet
fotballpodden-2
det-store-bildet
aftenbla-bla
e24-podden
unitedno
rss-penger-polser-og-politikk
rss-ness
bt-dokumentar-2
rss-fredrik-og-zahid-loser-ingenting
rss-borsmorgen-okonominyhetene
oppdatert
skartveit