7MS #460: Why I'm Throwing My UniFi Gear Into the Ocean
7 Minute Security24 Mars 2021

7MS #460: Why I'm Throwing My UniFi Gear Into the Ocean

Hey friends! Warning: this is not a "typical" 7MS episode where we try hard to deliver some level of security value.

Instead, today is a big, fat, crybaby, first-world problems whine-fest about how I used to love my UniFi gear for many years, but then a few weeks ago I hit unhealthy levels of rage while working with it...and subsequently completely ripped it all out of the wall and threw it in a plastic bin.

Let me say it one more time: if you don't like rants of rage, skip this episode and we'll see you next week!. If you want to hang in for this clown show, you'll be treated to some of the following highlights:

  • How I did not pirate Boson NetSim

  • How I fell in love with the Edge Router X as an up-and-coming network guru

  • The schedule isn't up, but I'm speaking at Secure360 this year!

  • My shiny new Dream Machine had a really fun issue where one morning Internet service was dead (even though config hadn't changed in weeks), and restoring the SAME config over the RUNNING config fixed the issue. Whaaahhhh?

  • The Dream Machine GUI (at the time) doesn't have all the options one might need to stand up a site to site VPN. Neat.

  • After a firmware update, my wifi started going down from 8:00 a.m. - 8:07 a.m. every morning. Were one of you hacking me? WERE ONE OF YOU HACKING ME!

  • Once I got a BeaconHD, I got a new fun issue where if you were connected to it and submitted a wifi voucher, the Beacon wouldn't properly recognize it and let you on the Internet until about 5 minutes later. Guests loved that! And by "loved that" I mean "hated that."

  • After upgrading UDM firmware again, a new nifty issue popped its head up which broke all my inter-VLAN rules. Yay!

  • I threw hundreds of dollars at new UniFi switches and access points to solve all these problems, and everything worked perfectly (until it didn't).

Avsnitt(683)

7MS #555: Light Pentest eBook 1.1 Release

7MS #555: Light Pentest eBook 1.1 Release

Today we're releasing version 1.1 of our Light Pentest eBook. Changes discussed in today's episode (and shown live in the accompanying YouTube video) include: Some typos and bug fixes A new section on finding systems with unconstrained delegation and exploiting them A new section on finding easily pwnable passwords via password spraying A new section relaying credentials with MITM6 (be careful using some of its options - read this New ways (and some words of warning) to dump hashes from Active Directory

13 Jan 20237min

7MS #554: Simple Ways to Test Your SIEM

7MS #554: Simple Ways to Test Your SIEM

Today we talk about Simple Ways to Test Your SIEM. Feel free to check out the YouTube version of this presentation, as well as our interview with Matt from Blumira for even more context, but here are the essential tools and commands covered: Port scanning nmap 10.0.7.0/24 - basic nmap scan massscan -p1-65535,U:1-65535 --rate=1000 10.0.7.0/24 -v - scan all 65k+ TCP and UDP ports! Password spraying Rubeus.exe spray /password:Winter2022! /outfile:pwned.txt - try to log into all AD accounts one time with Winter2022! as the password, and save any pwned creds to pwned.txt Kerberoasting and ASREPRoasting rubeus.exe kerberoast /simple rubeus asreproast /nowrap Key group membership changes net group "GROUP NAME" user-to-add-to-a-group /add Dump Active Directory hashes cme smb IP.OF.THE.DOMAINCONTROLLER -u user -p password --ntds --enabled ntdsutil "ac i ntds" "ifm" "create full c:\dc-backup" q q SMB share hunting Invoke-HuntSMBShares -Threads 100 -OutputDirectory C:\output - SMB enumeration using PowerHuntShares

6 Jan 202359min

7MS #553: The Artificial Intelligence Throat Burn Episode

7MS #553: The Artificial Intelligence Throat Burn Episode

Hey friends, today's episode is hosted by an AI from Murf.ai because I suffered a throat injury over the holidays and spent Christmas morning in the emergency room! TLDL: I'm fine, but if you want the (sort of) gory details and an update on my condition after my ENT appointment, check out today's episode. Otherwise, we'll see you next week when our regularly scheduled security content continues in 2023. Merry belated Christmas, happy holidays and happiest of new year to you and yours!

30 Dec 20225min

7MS #552: Tales of Pentest Pwnage - Part 45

7MS #552: Tales of Pentest Pwnage - Part 45

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Today's tale of pentest pwnage covers some of the following attacks/tools: Teleseer for packet capture visualizations on steroids! Copernic Desktop Search Running Responder as Responder.py -I eth0 -A will analyze traffic but not poison it I like to run mitm6 in one window with mitm6.py -i eth0 -d mydomain.com --no-ra --ignore-nofqdn and then in another window I do ntlmrelayx.py -6 -wh doesntexist -t ldaps://ip.of.the.dc -smb2support --delegate-access > relaysRphun.log - that way I always have a log of everything happening during the mitm6 attack Vast.ai looks to be a cost-effective way to crack hashes in the cloud (haven't tested it myself yet)

24 Dec 202257min

7MS #551: Interview with Matt Warner of Blumira

7MS #551: Interview with Matt Warner of Blumira

Today we welcome our pal Matthew Warner (CTO and co-founder of Blumira) back to the show for a third time (his first appearance was #507 and second was #529). I complained to Matt about how so many SIEM/SOC solutions don't catch early warning signs of evil things lurking in customer networks. Specifically, I whined about 7 specific, oft-missed attacks like port scanning, Kerberoasting, ASREPRoasting, password spraying and more. (Shameless self-promotion opportunity: I will be discussing these attacks on an upcoming livestream on December 29). Matt dives into each of these attacks and shares some fantastic insights into what they look like from a defensive perspective, and also offers practical strategies and tools for detecting them! Note: during the discussion, Matt points out a lot of important Active Directory groups to keep an eye on from a membership point of view. Those groups include: ASAAdmins Account Operators Administrators Administrators Backup Operators Cert Publishers Certificate Service DCOM DHCP Administrators Debugger Users DnsAdmins Domain Admins Enterprise Admins Enterprise Admins Event Log Readers ExchangeAdmins Group Policy Creator Owners Hyper-V Administrators IIS_IUSRS IT Compliance and Security Admins Incoming Forest Trust Builders MacAdmins Network Configuration Operators Schema Admins Server Operators ServerAdmins SourceFireAdmins WinRMRemoteWMIUsers WorkstationAdmins vCenterAdmins

16 Dec 20221h 10min

7MS #550: Tales of Pentest Fail - Part 5

7MS #550: Tales of Pentest Fail - Part 5

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. Hey friends, today's episode is extra special because it's our first episode we've ever done live and with video(!). Will we do it again? Who knows. But anyway, we had a fun time talking about things that have gone not so well during pentesting lately, specifically: Things we keep getting caught doing (and some potential ways to not get caught! Responder SharpHound CrackMapExec - specifically running -x or -X to enumerate systems PowerHuntShares "FUD sprinklers" - people who cast fear, uncertainty and doubt on your pentest findings A story about the time I took down a domain controller (yikes)

9 Dec 202252min

7MS #549: Interview with Christopher Fielder and Daniel Thanos of Arctic Wolf

7MS #549: Interview with Christopher Fielder and Daniel Thanos of Arctic Wolf

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. Today my friends Christopher Fielder and Daniel Thanos from Arctic Wolf chat with me about what kinds of icky things bad guys/gals are doing to our networks, and how we can arm ourselves with actioanble threat intelligence and do something about it! P.S. This is Christopher's seventh time on the program. Be sure to check out his first, second, third, fourth, fifth and sixth interviews with 7MS.

2 Dec 20221h 1min

7MS #548: Tales of Pentest Pwnage - Part 44

7MS #548: Tales of Pentest Pwnage - Part 44

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Happy belated Thanksgiving! This is not a brag or a flex, but this episode covers a coveted achievement I haven't achieved in my whole life...until now: TDAD: Triple Domain Admin Dance!!!!1111!!!1!1!!!! We talk about the fun attack path that led to the TDAD (hint: always check Active Directory user description fields!), as well as a couple quick, non-spoilery reviews of a few movies: V for Vendetta and The Black Phone.

25 Nov 202250min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
rss-krimstad
flashback-forever
rss-vad-fan-hande
aftonbladet-daily
rss-viva-fotboll
olyckan-inifran
rss-sanning-konsekvens
svenska-fall
krimmagasinet
fordomspodden
motiv
rss-expressen-dok
rss-frandfors-horna
dagens-eko
blenda-2
svd-nyhetsartiklar
spar
spotlight