7MS #382: Tales of Internal Network Pentest Pwnage - Part 9
7 Minute Security24 Sep 2019

7MS #382: Tales of Internal Network Pentest Pwnage - Part 9

Today's episode is brought to you by ITProTV. It's never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute.

Today's episode is about a pentest that was pretty unique for me. I got to ride shotgun and kind of be in the shadows while helping another team pwn a network.

This was an especially interesting one because the client had a lot of great security defenses in place, including:

  • Strong user passwords
  • A SIEM solution that appeared to be doing a great job

We did some looking for pwnage opportunities such as:

  • Systems missing EternalBlue patch
  • Systems missing BlueKeep patch

What got us a foot in the door was the lack of SMB signing. Check this gist to see how you can use RunFinger.py to find hosts without SMB signing, then use Impacket and Responder to listen for - and pass - high-priv hashes.

Side note: I'm working on getting a practical pentesting gist together in the vein of Penetration Testing: A Hands-On Introduction to Hacking and Hacker Playbook.

Episoder(720)

7MS: #559: Tales of Pentest Pwnage - Part 46

7MS: #559: Tales of Pentest Pwnage - Part 46

Ooooo giggidy! Today's episode is about a pentest pwnage path that is super fun and interesting, and I've now seen 3-4 times in the wild. Here are some notes from the audio/video that will help bring ...

10 Feb 202322min

7MS #558: How to Build a Vulnerable Pentest Lab - Part 2

7MS #558: How to Build a Vulnerable Pentest Lab - Part 2

Today we continue part 2 of a series we started a few weeks ago all about building a vulnerable pentesting lab. Check out the video above, and here are the main snippets of code and tips to get you go...

7 Feb 202322min

7MS #557: Better Passive Network Visibility Using Teleseer

7MS #557: Better Passive Network Visibility Using Teleseer

Today we're talking about Teleseer, which is an awesome service to give you better network visibility - whether you're on the blue, red or purple team! It all starts with a simple packet capture, and ...

27 Jan 20237min

7MS #556: How to Build a Vulnerable Pentest Lab

7MS #556: How to Build a Vulnerable Pentest Lab

Today's episode is brought to us by our friends at Blumira! Today we kick off a series all about building your own vulnerable pentest lab from scratch, specifically: Spinning up a domain controller ...

20 Jan 20237min

7MS #555: Light Pentest eBook 1.1 Release

7MS #555: Light Pentest eBook 1.1 Release

Today we're releasing version 1.1 of our Light Pentest eBook. Changes discussed in today's episode (and shown live in the accompanying YouTube video) include: Some typos and bug fixes A new section o...

13 Jan 20237min

7MS #554: Simple Ways to Test Your SIEM

7MS #554: Simple Ways to Test Your SIEM

Today we talk about Simple Ways to Test Your SIEM. Feel free to check out the YouTube version of this presentation, as well as our interview with Matt from Blumira for even more context, but here are ...

6 Jan 202359min

7MS #553: The Artificial Intelligence Throat Burn Episode

7MS #553: The Artificial Intelligence Throat Burn Episode

Hey friends, today's episode is hosted by an AI from Murf.ai because I suffered a throat injury over the holidays and spent Christmas morning in the emergency room! TLDL: I'm fine, but if you want the...

30 Des 20225min

7MS #552: Tales of Pentest Pwnage - Part 45

7MS #552: Tales of Pentest Pwnage - Part 45

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent...

24 Des 202257min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
popradet
stopp-verden
lydartikler-fra-aftenposten
fotballpodden-2
det-store-bildet
nokon-ma-ga
rss-gukild-johaug
hanna-de-heldige
dine-penger-pengeradet
rss-ness
rss-espen-lee-usensurert
aftenbla-bla
rss-dannet-uten-piano
e24-podden
grasoner-den-nye-kalde-krigen
frokostshowet-pa-p5