7MS #361: Logging Made Easy
Today we're talking about Logging Made Easy, a project that, as its name implies...makes Windows endpoint logging easy! I love it. It offers a simple, digestible walkthrough of several short "chapters" to get started. These chapters include: Chapter 1 - Set up Windows Event Forwarding Chapter 2 – Sysmon Install Chapter 3A – Database (Easy Method) Chapter 3B – Database (Manual Method) Chapter 4 - Post Install Actions Besides having a small issue with a batch script (resolved as of 5/3) and a another snafu (that's probably my fault), it's a simple and effective way to get logging spun up in your environment!
3 Maj 201926min
7MS #360: Active Directory Security 101 - Part 2
This episode of the 7 Minute Security podcast is brought to you by Netwrix. Netwrix Auditor empowers IT pros to detect, investigate and resolve critical issues before they stifle business activity, and proactively identify and mitigate misconfigurations in critical IT systems that could lead to downtime. For more information, visit netwrix.com. In today's program we continue a series on fundamental Active Directory security that we started back in episode 327. I took all the things I talked about in that episode, as well as the new additions discussed today: Finding your most vulnerable AD abuse paths with BloodHound. For a two-part pentest tale showing how BloodHound can be used/abused by attackers, check out episodes 353 and 354. Get a deep-dive look at your AD machines, users, shares, OS versions and more with Network Detective. How to de-escalate local admins (and prevent them from over-using/abusing the use of their privileged account) Although I haven't tested it yet, Logging Made Easy looks like an awesome and free way to get some entry-level logging setup in your environment. Can't wait for a good lab day to play! Here are ALL the AD Security 101 tips in a delicious [gist].
25 Apr 201922min
7MS #359: Windows 10 Security Baselining
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! In this episode I explore some ways you can turn up the security heat on your Windows workstations by mapping their security to a hardening standard and/or baseline. Specifically, I cover: NIST STIG for Windows 10 Heimdal Security - Windows 10 Hardening Guide Center for Internet Security's security benchmarks Windows Security Compliance Toolkit (SCT) I think one path to success is to use the Windows SCT as a way to create a baseline, and then use it - plus some of the other guides and standards - to gradually turn the security screws on the OS. Don't just import a GPO template and turn on 123,456,789 settings at once. You'll likely bring the network to its knees! Got a better/faster/stronger way to accomplish baselining? Let me know!
19 Apr 201926min
7MS #358: 4 Ways to Write a Better Pentest Report
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! This week we're talking about everybody's favorite topic: REPORT WRITING! Yay! The peasants rejoice! In the last few months I've seen a lot of reports from other companies, and here are a few key problems I see with them: Too long - overall these things are waaAAaAaaAayyyYYYYYYyyy too long. I see reports where the analyst has copied and pasted an entire Nessus report into the main report. Yikes. That makes these things weigh in at hundreds(!) of pages. Too techie - these reports look like their written from one techie to another. Nothing wrong with that, really, however in many cases the key person that needs to "get it" is a manager or C-level position who needs to understand the risks in plain English. No narrative - the reports are just a long laundry list of vulnerabilities without any context of how the pentest was conducted or which vulns should be fixed first. Weak remediation - most of the findings are accompanied by whatever remediation instructions are provided by the vuln-scanner or other tool. We can do better than this! How? Listen to today's episode :-). Oh, and don't forget to come to the next 7MS User Group meeting on Monday, April 22! Details here!
16 Apr 201939min
7MS #357: 7 Minutes of IT and Security Tips
Today I'm launching an ongoing series called 7MOIST. It stands for: 7 Minutes of IT and Security Tips The wildest, craziest, nuttiest part of this series is that each episode will be 7 minutes long! I know, I know! You're saying, "Wait a sec, bub, isn't that why this podcast is called 7 Minute Security in the first place?" And yes, you'd be right. Basically, this is my way of going old school and getting back my podcast "roots" by delivering an episode before we had an intro jingle, interviews, sponsors, banter about hot cocoas or an outro song. Nothing but delicious content today friends, Enjoy! Today's theme is: Windows command line shortcuts and tips: Creative ways to play with cmd Basically, you can do Windows Key + R then type cmd and Enter for quick access to command line. But lets do some more fun stuff. Wanna open a command window from the desktop and launch a command in one swoop? Try this: cmd /k For example: cmd /k ping 192.168.0.1 The cmd /k part opens a command window, and then ping 192.168.0.1 can be whatever command you also want to run on the fly. And if you want to start programs and/or open files right from the command line, you can do that (in most cases) by just typing the program name, like: notepad Or, get really fancy and add a document name after the command. For example: notepad meow.txt If meow.txt doesn't exist, Notepad will simply ask you to create it! Finding files faster Call me crazy, but the Windows find/search feature sometimes doesn't find stuff that I know is there. So I still like using old school DOS commands for this. I might do something like: cd \ dir /s *brian*.doc The dir stands for directory, and the /s tells the system to search recursively. See 7ms.us for the rest of today's show notes!
11 Apr 20197min
7MS #356: Faster Hard Drive Forensics with CyLR and CDQR
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! In today's episode I talk about some cool tools you can use to start a hard drive forensics investigation more quickly. Resources talked about on today's podcast include: Forensics 101 - a talk I did for the 7MS user group in January The Digital Forensics Survival Podcast is a FANTASTIC resource to learn more about forensics CyLR works great to do quick live disk artifact-gathering on a suspect system, and then... CDQR can step in and analyze the info you gathered with CyLR and spit out helpful reports to begin your investigation YouTube video of the CyLR/CDQR creators demonstrating the tools and doing a live demo of artifact collection/analysis Did you miss this week's mousejacking Webinar? Also, DIY $500 Pentest Lab - Part 2 is up on YouTube. And we've got a fun Webinar on MITRE ATT&CK coming up in May. Sign up here
3 Apr 201924min
7MS #355: Mousejacking!
This episode is brought to you by Netwrix Auditor, which empowers IT pros to detect, investigate and resolve critical issues before they stifle business activity, and proactively identify and mitigate misconfigurations in critical IT systems that could lead to downtime. In this episode, we talk about the Mousejacking attack, which allows someone with a crazy radio (or other similar device) to inject keystrokes into vulnerable keyboards and mice. Yikes! Not trying to be a doom and gloom guy here, but using this Mousejacking attack, pentesters/attackers could take over your entire Active Directory in just seconds - from the parking lot! I'll talk about how exactly that could be done - as well as ways to defend against mousejacking - in today's episode. If this episodes primes your appetite for more Mousejackin' fun, join me and my pals Paul and Dan for a deep-dive Mousejacking Webinar on Tuesday, April 2 at 12 p.m. CST! Some resources talked about in today's episode: Mousejack.com - great demo video of the attack Crazy Radio PA - one hardware option to perform mousejacking attacks Custom mousejacking firmware for Crazy Radio PA Jackit - tool for conducting mousejack attacks A cool Twitter thread on using mousejacking for pentests Vulnerable devices - nice repository of devices known to be susceptible to mousejacking attacks
27 Mars 201927min
7MS #354: Tales of Internal Pentest Pwnage - Part 2
Today's episode is the thrilling, exciting, heart-pounding conclusion of Tales of Internal Pentest Pwnage - Part 1. In this episode, we cover the final "wins" that got me to Domain Admin status (and beyond!): Got DA but can't get to your final "crown jewels" destinations? How about going after the organization's backups (evil grin!) Got DA but stuck to find hot leads to where the crown jewels are? Get snoopy and go through people's files, folders and...bookmark caches! (evil grin #2!) If your nmap/eyewitness scan turns up Web sites with simply an IIS default landing page or "It works!" Apache page on it, there's probably more there than meets the eye. We also talk about lessons learned from this pentest - both things done well and things the org can do to make the next pentester's job a lot harder.
25 Mars 201938min
