7MS #334: IT Security Horrors That Keep You Up at Night
7 Minute Security1 Nov 2018

7MS #334: IT Security Horrors That Keep You Up at Night

This week I got to celebrate Halloween with my friends at Netwrix by co-hosting a Webinar called IT Security Horrors That Keep You Up at Night. The content was a modified version of the Blue Team on a Budget talk I've been doing the past year or so, and essentially focuses on things organizations can do to better defend their networks without draining their budgets.

The presentation had a Child's Play theme and showed Chucky trying to hack Andy's company via:

  • Phishing
  • Abusing bad domain passwords
  • Abusing bad local admin passwords
  • Responder attack
  • Lack of SMB signing

Each attack was also followed up my some advice for how to stop it (or at least slow down its effectiveness).

The presentation itself was a blast and I learned some good public speaking lessons as a result:

  • Get your slides done early! - when co-presenting, it makes sense that they want to see your slides sooner than the day of! :-)

  • Don't freak out about an audience of "none" - I always think Webinars are weird because you can't see people's faces or interpret their body language to get a feel for whether they appreciate your humor or understand the points you're trying to make. I learned you just gotta keep pushing forward "blind" whether you like it or not.

  • Setup a redundant presentation system - ok so file this one with the irrational fears dept, but I actually had a second laptop ready with my presentation loaded, and the laptop was connected to a cell hotspot I setup on a tablet. That way if my machine BSOD'd or Internet went out in my house, I could quickly rejoin the presentation and pick up where I left off. Safe or psycho? You decide!

Happy belated Halloween!

Episoder(720)

7MS #592: 7 Steps to Recover Your Hacked Facebook Account

7MS #592: 7 Steps to Recover Your Hacked Facebook Account

Today we're talking about 7 steps you can take to (hopefully) reclaim a hacked Facebook account. The key steps are: Ask Facebook for help (good luck with that) Put out an SOS on your socials Flag dow...

6 Okt 202319min

7MS #591: Tales of Pentest Pwnage - Part 52

7MS #591: Tales of Pentest Pwnage - Part 52

Today we talk about an awesome path to internal network pentest pwnage using downgraded authentication from a domain controller, a tool called ntlmv1-multi, and a boatload of cloud-cracking power on t...

29 Sep 202333min

7MS #590: Hacking Billy Madison - Part 2

7MS #590: Hacking Billy Madison - Part 2

Today my Paul and I continued hacking Billy Madison (see part one here) and learned some interesting things: You can fuzz a URL with a specific file type using a format like this: wfuzz -c -z file,...

22 Sep 202313min

7MS #589: Tales of Pentest Pwnage - Part 51

7MS #589: Tales of Pentest Pwnage - Part 51

In today's tale of pentest pwnage we talk about: The importance of local admin and how access to even one server might mean instant, full control over their backup or virtualization infrastructure ...

15 Sep 202314min

7MS #588: Becoming a Sysmon Sensei with Amanda Berlin

7MS #588: Becoming a Sysmon Sensei with Amanda Berlin

Today Amanda Berlin from Blumira teaches us how to unlock the power of Sysmon so we can gain insight into the good, bad and ugly things happening on our corporate endpoints!  Key takeaways: Sysmon tu...

8 Sep 202324min

7MS #587: Hacking Billy Madison

7MS #587: Hacking Billy Madison

Today my pal Paul from Project7 and I hack the heck out of Billy Madison a vulnerable virtual machine that is celebrating its 7th anniversary this month!

1 Sep 202336min

7MS #586: DIY Pentest Dropbox Tips – Part 8

7MS #586: DIY Pentest Dropbox Tips – Part 8

Today, sadly, might be the last episode of DIY pentest dropbox tips for a while because I found (well, ChatGPT did actually) the missing link to 100% automate a Kali Linux install! Check episode #449 ...

25 Aug 202318min

7MS #585: DIY Pentest Dropbox Tips – Part 7

7MS #585: DIY Pentest Dropbox Tips – Part 7

Hey friends, today I'm super excited to share I found the missing link! Specifically, the missing piece that now allows me to create fully automated Windows 10 installs that serve as virtual pentest j...

18 Aug 202324min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
popradet
stopp-verden
fotballpodden-2
rss-gukild-johaug
lydartikler-fra-aftenposten
nokon-ma-ga
det-store-bildet
hanna-de-heldige
dine-penger-pengeradet
rss-ness
rss-espen-lee-usensurert
aftenbla-bla
e24-podden
rss-dannet-uten-piano
rss-penger-polser-og-politikk
frokostshowet-pa-p5