7MS #365: Interview with Ryan Manship and Dave Dobrotka - Part 3
7 Minute Security30 Mai 2019

7MS #365: Interview with Ryan Manship and Dave Dobrotka - Part 3

This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out Authentic8.

First, a bit of miscellany:

  • If you replace "red rain" with "red team" in this song, we might just have a red team anthem on our hands!

  • If you're in the Twin Cities area and looking for an infosec analyst job, check out this posting with UBB. If interested, I can help make an electronic introduction - and/or let 'em know 7 Minute Security sent ya!

Ok, in today's program we're talking about red teaming again with our third awesome installment with Ryan and Dave who are professional red teamers! Today we cover:

  • Recon - it's super important! It's like putting together puzzle pieces...and the more of that puzzle you can figure out, less likely you'll be surprised and the more likely you'll succeed at your objective!

  • Reporting - how do you deliver reports in a way that blue team doesn't feel picked on, management understands the risk, and ultimately everybody leaves feeling charged to secure all the things?

I also asked the questions folks submitted to me via LinkedIn/Slack:

  • Any tips for the most dreaded part of an assessment (reports)?

  • How do you get around PowerShell v5 with restrict language mode without having the ability to downgrade to v2?

  • What's an alternative to PowerShell tooling for internal pentesting? (hint: C# is the hotness)

  • What certs/skills should I pursue to get better at red teaming (outside of "Hey, go build a lab!").

  • Are customers happy to get assessed by a red team exercise, or do they do it begrudgingly because of requirements/regulations?

Episoder(695)

7MS #23: OSCP – part 2 (audio)

7MS #23: OSCP – part 2 (audio)

In this episode I talk more about my adventures with OSCP and Offensive Security! . Download: 7MS #23: OSCP – part 2 (audio) Show notes: I recommend documenting ALL the exercises in the PDF. My understanding is that extra effort could be rewarded if you don’t do so hot on your final exam. Buffer overflows make…

9 Aug 20147min

7MS #22: Phishing with Black Squirrel (audio)

7MS #22: Phishing with Black Squirrel (audio)

In this episode I talk about using Black Squirrel to launch phishing campaigns! Download: 7MS #22: Phishing with Black Squirrel (audio) Show notes: Security Weekly is an excellent podcast/resource. Devour it regularly. Black Squirrel is the main tool discussed in this podcast. I’ve been using it for phishing campaigns and it’s been excellent in that capacity.

27 Jul 20147min

7MS #21: OSCP – part 1 (audio)

7MS #21: OSCP – part 1 (audio)

In this episode I talk about my venture into Offensive Security! . Download: 7MS #21: OSCP – part 1 (audio) Show notes: It’s official – I have a death wish and have started the OSCP training. This episode is the first of what I hope will be a multi-part, spoiler-free series about my experience with OSCP. With…

20 Jul 20147min

7MS #20: Moving from GoDaddy to DNSimple (audio)

7MS #20: Moving from GoDaddy to DNSimple (audio)

In this episode I talk about why I’m pulling my domains from GoDaddy, and making DNSimple their new home. Download: 7MS #20: Moving from GoDaddy to DNSimple (audio) Show notes: The service I’m talking about in this podcast is DNSimple. Troy Hunt‘s humorous/awesome article pushed me over the edge and convinced me to give DNSimple a…

15 Jul 20147min

7MS #19: Kioptrix! (audio)

7MS #19: Kioptrix! (audio)

In this episode I talk about a deliciously vulnerable series of VMs called Kioptrix, and how you can use them to sharpen your pentesting skills. Download: 7MS #19: Kioptrix! (audio) Show notes: The Kioptrix series of VMs is here: http://www.kioptrix.com/blog/test-page/ and here: http://vulnhub.com/?q=kioptrix&sort=date-des&type=vm. Got approved for my OSCP training and I start it in a few…

5 Jul 20147min

7MS #18: Wireless Security 101 (audio)

7MS #18: Wireless Security 101 (audio)

In this episode I talk about some wireless security basics that we’re not seeing when out on assessments. Download: 7MS #18: Wireless Security 101 (audio) Show notes: WEP encryption is very, very bad. It’s easy to crack. Don’t use it. Wifite will demonstrate how easy it is to crack WEP. Stronger encryption such as WPA/WPA2…

22 Jun 20147min

7MS #17: How to Pass the Certified Ethical Hacker Exam (audio)

7MS #17: How to Pass the Certified Ethical Hacker Exam (audio)

In this episode I share my experience with EC-Council’s Certified Ethical Hacker training and exam. Download: 7MS #17: How to Pass the Certified Ethical Hacker Exam (audio) Show notes: Here’s info on the CEH training and test outline. I took my CEH training through UFairfax with instructor Leo Dregier. See this post I wrote that…

14 Jun 20147min

7MS #16: PwnPad Initial Impressions – part 2! (audio)

7MS #16: PwnPad Initial Impressions – part 2! (audio)

In this episode I talk about my first-hand experience using the PwnPad for wireless pentesting. Download: 7MS #16: PwnPad Initial Impressions – Part 2 Show notes: In a nutshell: PwnPad is a great tool to simplify/automate some wireless recon and/or hacking! PwnieExpress has a great write-up on mapping APs w/GPS coordinates using Google Earth here:…

31 Mai 20147min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
popradet
forklart
stopp-verden
det-store-bildet
bt-dokumentar-2
fotballpodden-2
dine-penger-pengeradet
nokon-ma-ga
rss-penger-polser-og-politikk
rss-dannet-uten-piano
aftenbla-bla
frokostshowet-pa-p5
e24-podden
rss-ness
unitedno
rss-borsmorgen-okonominyhetene
rss-garne-damer