7MS #455: Tales of Internal Network Pentest Pwnage - Part 24

As I was preparing for my Secure 360 talk a month or so ago, I stumbled upon this awesome article which details a method for getting Domain Admin access in just a few minutes - without cracking passwords or doing anything else "loud." The tools you'll need are: PowerShell Empire DeathStar Responder Ntlmrelayx I've written up all the steps in a gist that you can grab here. Enjoy!

7 Juni 201818min

It has been a heck of a week (in a good way), and I'm taking a break from security so you can help me untangle a mystery that's been wrapped around my brain for years. I need you to help me figure out what this dude meant when he said that something was as frustrating "as boxing a cat." P.S. if you hate off-topic episodes no worries! We'll be back to our regularly scheduled security program next week!

30 Maj 201818min

This week I dove into building a Cuckoo Sandbox for malware analysis. There are certainly a ton of posts and videos out there about it, but this entry called Painless Cuckoo Sandbox Installation caught my eye as a good starting point. This article got me about 80% of the way there, and the last 20% proved to be problematic. I got some additional answers from the Cuckoo documentation but still left some answers to be desired. Through a lot of Googling, banging my head against the wall and looking at the GitHub issues list, I finally got everything working. I've taken my entire build process and included it as a gist here. Enjoy!

24 Maj 201815min

Last week I was in the recording studio to record three 7MS commercials aimed at churches. The goal was to educate them on some security topics and close with a "hook" to contact 7MS for help securing your church. The commercials themselves are embedded in this episode so please have a listen and let me know what you think! I'll also let you know (via the podcast) when these commercials hit the air. It's likely the station won't air in your area, but you can catch it on the interwebs if you so desire (thanks again for your support, mom).

18 Maj 201812min

Cracking passwords in the cloud is super fun (listen to last week's episode to learn how to build your own cracking box on the cheap at Paperspace)! In the last couple weeks, customers have asked me about doing a password strength assessment on their Active Directory environment. I asked around and read a bunch of blogs and found a method that I think: Extracts the hashes safely Parses down the dump to contain only the hashes (so that if somebody popped my Paperspace cloud-crackin' box, they'd have just a list of half-cracked hashes and that's it) Does the work pretty automagically I talk about this in more detail in today's podcast, and here's the gist you can follow with all the necessary commands to get AD crackin'!

9 Maj 201813min

I had an absolute ball this week trying to figure out how to crack passwords effectively, and on the cheap, and in the cloud. Today's episode goes into much more detail, and embedded below is the Gist of my approach thus far. If you've got things to add/suggest to this document, let me know! P.S. if you don't see the gist because you're reading this in a podcast-catching app, head to https://7ms.us and look up today's episode and you'll see the gist in all its gisty glory!

2 Maj 201811min

Hey, so this week I am without my main machine - thus no jingle or "jungle boogie" intro music. Feels weird. Feels real weird. Anyway, ya know how I teased last week that 7MS could possibly be coming to a radio station near you? Well I think it's more of a probability than a possibility at this point! I met with a radio exec a few weeks ago and we talked about: Lots of people still listen to the radio (who knew?) Creating a "security minute" spot that would lead to a commercial about 7MS How to write a good commercial "hook" It's difficult to write a 60-second commercial! Targeted advertising at churches, which is an under-served market when it comes to infosec Writing a new (shortened) 7MS jingle More on this today on 7MS!

25 Apr 201812min

We've dug into some pretty technical topics the last few weeks so we're gonna take it easy today. Below are some FAQs and updates I'll cover on today's show: FAQs What security certs should a sales person get? What lav mic should I get for podcasting? How do I know if I'm ready to take the OSCP? When are you gonna do some more YouTube videos? When will the PacktPub project be done? Updates Don't forget to check out these new and/or updated pages on BPATTY: Caldera LAPS PwnedPasswords Speaking engagements I learned that the Cryptolocker song was played as muzak for a security conference. That makes me LOL ;-) Those of you in Minneapolis/St. Paul are invited to join me for Blue Team on a Budget lunch and learn at Manny's - it's on May 3 and hosted by OneIdentity. I'll be at Secure360 on May 16 to give my Blue Team on a Budget talk at 9:30 a.m., and I'll also be hosting our pal Bjorn for his Twin Cities vs. OWASP Juice Shop workshop on May 17. Gonna be awesome - hope you can come to either event (or both!).

19 Apr 201818min