7MS #354: Tales of Internal Pentest Pwnage - Part 2
7 Minute Security25 Mars 2019

7MS #354: Tales of Internal Pentest Pwnage - Part 2

Today's episode is the thrilling, exciting, heart-pounding conclusion of Tales of Internal Pentest Pwnage - Part 1. In this episode, we cover the final "wins" that got me to Domain Admin status (and beyond!):

  • Got DA but can't get to your final "crown jewels" destinations? How about going after the organization's backups (evil grin!)

  • Got DA but stuck to find hot leads to where the crown jewels are? Get snoopy and go through people's files, folders and...bookmark caches! (evil grin #2!)

  • If your nmap/eyewitness scan turns up Web sites with simply an IIS default landing page or "It works!" Apache page on it, there's probably more there than meets the eye.

We also talk about lessons learned from this pentest - both things done well and things the org can do to make the next pentester's job a lot harder.

Avsnitt(691)

7MS #3: Patch Strategies: Part 1 (audio)

7MS #3: Patch Strategies: Part 1 (audio)

In this episode I talk about some trends (and problems) we’re seeing on the patching front – specifically OS and third-party apps. Download: Episode 3: Patch Strategies: Part 1 (audio) Show notes: Most organizations have the Microsoft side of the house patched well – but the third party apps (Java/Flash/Reader/etc.)? Not so much…but that’s just…

13 Feb 20147min

7MS #2: The Importance of Logging and Alerting! (audio)

7MS #2: The Importance of Logging and Alerting! (audio)

In this episode I talk about how a client of ours learned a hard lesson: that the lack of logging/alerting makes for a pretty miserable investigation after they were breached. Download: Episode 2: The Importance of Logging and Alerting! (audio) Show notes: Public-facing terminal servers without 2FA basically have a sign on their back that…

1 Feb 20147min

7MS #1: Epic Introduction! (audio)

7MS #1: Epic Introduction! (audio)

In this episode, I talk about the inspiration behind the 7MS podcast and my vision for it going forward. (Admittedly, my ulterior motive is to use this intro episode to figure out how in the heck to get this podcast submitted and visible on iTunes :-). Download Episode 1: Epic Introduction to 7MS (MP3) I’ll…

1 Feb 20147min

Populärt inom Politik & nyheter

svenska-fall
p3-krim
rss-krimstad
fordomspodden
rss-viva-fotboll
flashback-forever
aftonbladet-daily
rss-sanning-konsekvens
rss-vad-fan-hande
olyckan-inifran
dagens-eko
rss-frandfors-horna
krimmagasinet
motiv
rss-krimreportrarna
rss-expressen-dok
svd-dokumentara-berattelser-2
blenda-2
svd-nyhetsartiklar
spotlight