7 Minute Security7 Aug 2020

7MS #426: Tales of Internal Pentest Pwnage - Part 19

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

First and foremost, I have to say that 7 Minute Security's official stance on toads is that nobody should be licking them at any time, for any reason. Also, I can neither confirm nor deny that toads can catch coronavirus. Listen to today's episode...it'll make more sense.

We've got another swell tale of internal pentest pwnage for you today! Highlights include:

If you've collected a ton of hashes with Responder, the included DumpHash.py gives you a lovely organized list of collected hashes!
Here's one way you can grab the latest CME binary:

curl https://github.com/byt3bl33d3r/CrackMapExec/releases/download/v5.0.1dev/cme-ubuntu-latest.zip -L -o cme.zip

Note to self: I must've been using outdated CME forever, because the correct syntax to get the wdigest flag is now a little different:

cme smb HOST -u localadmin -H "hash" --local-auth -M wdigest -o ACTION=enable

If you're looking to block IPv6 (ab)use in your environment, this article has some great tips.
When testing in an environment with a finely tuned SIEM, I highly recommend you download all the Kali updates and tools ahead of time, as sometimes just the call out to kali.org gets flagged and alerted on to the security team
Before using the full hatecrack methodology, I like to run hashes straight through the list of PwnedPasswords from hashes.org (which appears to currently be offline) first to give the org an idea as to what users are using easy-to-pwn passwords.
A question for YOU reading this: what's the best way to do an LSASS dump remotely without triggering AV? I can't get any of the popular methods to work. So pypykatz is my go-to.
I learned that PowerView is awesome for finding attractive shares! Run it with Find-InterestingDomainShareFile to find, well, interesting files! Files with password or sensitive or admin in the title - and much more!
Got to use PowerUpSQL to audit some MS SQL sauce, and I found this presentation (specifically slide ~19) really helpful in locating servers I could log into and any SQL vulnerabilities the boxes were ripe for.

Upptäck Premium

Prova 14 dagar kostnadsfritt

Skaffa Premium

Avsnitt(683)

7MS #51: CEH vs. OSCP (audio)

A few people have written in asking whether to pursue the CEH or OSCP (or both). This episode discusses my experience with each cert and hopefully points you in the right direction on which one might be right for you. Here’s the article on CEH I mention during the episode – it has much more…

7 Apr 20157min

7MS #50: OSCP – The Final Chapter – part 2! (audio)

At last, the epic conclusion of the maddening, redeeming OSCP journey. 7MS #50: OSCP – The Final Chapter – part 2! (audio)

2 Apr 20157min

7MS #49: OSCP – The Final Chapter – part 1! (audio)

We’ve arrived at the exciting two-part finale to my bloody battle with the OSCP! 7MS #49: OSCP – the final chapter – part 1! (audio)

31 Mars 20157min

7MS #48: So I Gave My Eight Year Old a Computer (audio)

Is it a good idea to give young kids a computer to play with? Maybe. Maybe not. Tune in to today’s episode and weigh in! 7MS #48: So I Gave My Eight Year Old a Computer (audio)

21 Mars 20158min

7MS #47: Logging and Alerting RELOADED (audio)

Hey, you should log the stuff going on in your network. This episode talks about that (again). And I reference some AD-related settings that may not be enabled in your environment…stuff you might want to turn on. Check out that information via this PDF here. 7MS #47: Logging and Alerting Reloaded (audio)

17 Mars 20157min

7MS #46: So You Want to be a Hacker? (audio)

So you want to be a hacker? Cool. In this episode I toss myself under the bus and share why I used to have a really dumb perspective on what that meant, and how my view of hackers – and hacking – has changed (and hopefully matured). 7MS #46: So You Want to be a…

14 Mars 20157min

7MS #45: OFFTOPIC – Why I Stopped Pirating Software (audio)

Warning, this is an off topic episode! I used to pirate software. There. I admitted it. But it’s funny how a letter from the Comcast legal dept. will change your mind and let you see piracy in a whole new light! 7MS #45: OFFTOPIC – Why I Stopped Pirating Software (audio)

10 Mars 20157min

7MS #44: OFFTOPIC – Annoying People at the YMCA (audio)

Warning, this is an off topic episode! Did you know it’s fun to stay at the YMCA? Did you also know it’s fun to annoy annoying people at the YMCA? Listen to this episode to find out why. 7MS #44: OFFTOPIC – Annoying People at the YMCA (audio)

7 Mars 20157min

Allt en och samma app

Lyssna på dina favoritpoddar och ljudböcker på ett och samma ställe.

Noga utvalt innehåll

Njut av handplockade tips som passar din smak – utan ändlöst scrollande.

Fortsätt när du vill

Fortsätt lyssna där du slutade – även offline.

Premium

99 kr/mån

Tillgång till alla Premium-poddar
Lyssna utan reklam
Avsluta när du vill

Prova 14 dagar gratis

Premium

129 kr/mån

Tillgång till alla Premium-poddar
Lyssna utan reklam
Avsluta när du vill
Ett extra konto

Prova 14 dagar gratis

Populärt inom Politik & nyheter

Berättelserna och rösterna du älskar att lyssna på

Obegränsad lyssning på alla dina favoritpoddar och ljudböcker

Upptäck Premium