7MS #456: Certified Red Team Professional - Part 4
7 Minute Security25 Feb 2021

7MS #456: Certified Red Team Professional - Part 4

Hello friends! Today, Joe (Gh0sthax) and I complete our series on CRTP - Certified Red Team Professional - a really awesome pentesting training and exam based squarely on Microsoft tools and tradecraft. Specifically, Joe and I talk about:

  • We don't think the training/exam is for beginners, despite how its advertised
  • Both the lab PDF and PowerPoint have their own quirks - which may ultimately be teaching us not to be copy-and-paste jockeys, and instead build our own study guides and cheat sheets
  • Don't let the training give you the idea that most pentests have a super fast escalation path to DA (ok yes sometimes they do, but usually we spend a LOT of hours working on escalation!)
  • Watch the walkthrough videos. We repeat: WATCH THE WALKTHROUGH VIDEOS!
  • Although not required, we highly recommend capturing all the flags laid out for you in the lab environment
  • Know how to privesc - using multiple tools/methods
  • It would be to your advantage to understand how to view/manipulate Active directory information in multiple ways
  • You start the exam with no tools. So how will you be ready to upload/download tools into the exam environment so you make the most of your exam time?
  • Tool X might give you wrong results - or none at all - in the lab. Do you have a backup tool Y and Z that can serve the same purpose?
  • You want to be very good at Kerberos ticket crafting!
  • Know all the mimikatz commands and switches and when to apply them

Avsnitt(706)

7MS #257: Speaking at Secure360

7MS #257: Speaking at Secure360

The nervous butterflies are chewing up my organs this week. Why? Because I'm speaking at Secure360 next Tuesday and Wednesday. I'm trying to build a presentation that: Appeals to both techie nerds like me, as well as regular human people Strikes a healthy balance between fun and informative So, my outline is roughly as follows: Intros Lets talk about pentesting vs. vulnerability scans Build your own hackin' lab for $500! Good/bad training (CEH vs. OSCP) Lets hack some stuff following a methodology! Tune in today's episode for more...

11 Maj 201711min

7MS #256: AlienVault Certified System Engineer - Part 2

7MS #256: AlienVault Certified System Engineer - Part 2

So a few weeks ago I did an episode about the AlienVault Certified Security Engineer certification, and last Friday I took a stab at the test. I failed. It kicked my butt. Today I'm here to both rant about the unfairness of the test and offer you some study tips so you don't suffer a similar fate. P.S. - you should definitely check out this blog as it's one of the few valuable study guides I could find out there on the Interwebs.

4 Maj 201711min

7MS #255: PwnPro 101

7MS #255: PwnPro 101

I'm kicking the tires on the PwnPro which is an all-in-one wired, wireless and Bluetooth assessment and pentesting tool. Upon getting plugged into a network, it peers with a cloud portal and lets you assess and pentest from the comfort of your jammies back at your house! Oh, and did I mention it runs Kali on the back end? Delicious. Today's episode dives into some of what I've been learning about the PwnPro as I run it through its paces at work and warm it up for our first customer assessment...

27 Apr 201710min

7MS #254: Bash Bunny

7MS #254: Bash Bunny

I've been working with the Bash Bunny for the past few weeks in preparation for a presentation/demo I'm doing in a few weeks. Today I want to talk about what the Bunny is, the cool things it can do, and some of my favorite payloads. Also, I started thinking about what conversation topics spawn from a demo of the Bunny. Specifically, I want to know how people would defend against the Bunny using AD policies, peripheral controls, etc. Check out the Hak5 thread I started about this, as it has got some great ideas.

20 Apr 201710min

7MS #253: Desperately Seeking Service Accounts

7MS #253: Desperately Seeking Service Accounts

Find the show notes here!

13 Apr 20179min

7MS #252: LAPS - Local Administrator Password Solution

7MS #252: LAPS - Local Administrator Password Solution

Show notes are here.

6 Apr 20178min

7MS #251: Blackholing Malvertising with Pi-Hole

7MS #251: Blackholing Malvertising with Pi-Hole

Show notes are here

30 Mars 201710min

7MS #250: The PBS Telethon Episode!

7MS #250: The PBS Telethon Episode!

Show notes for today's episode can be found here!

23 Mars 201710min

Populärt inom Politik & nyheter

aftonbladet-krim
svenska-fall
motiv
p3-krim
flashback-forever
rss-viva-fotboll
fordomspodden
politiken
aftonbladet-daily
rss-sanning-konsekvens
rss-krimstad
rss-vad-fan-hande
spar
olyckan-inifran
rss-krimreportrarna
rss-frandfors-horna
dagens-eko
blenda-2
rss-flodet
rss-expressen-dok