7MS #496: Tales of Pentest Pwnage - Part 30
Today's tale of pentesting has a bunch of tips to help you maximize your pwnage, including: The new Responder DHCP poisoning module All the cool bells and whistles from CrackMapExec which now include new lsass-dumping modules! Speaking of lsass dumping, here's a new trick that works if you have Visual Studio installed (I bet it will be detected soon). I close out today's episode with a story about how my Cobalt Strike beacons got burned by a dating site!
24 Nov 202148min
7MS #495: Desperately Seeking a Super SIEM for SMBs - Part 5
Today we continue our SIEM/SOC evaluation series with a closer look at one particular managed solution and how it fared (very well) against a very hostile environment: the Light Pentest LITE pentesting course! Spoiler alert: this solution was able to detect: RDP from public IPs Password spraying Kerberoasting Mimikatz Recon net commands Hash dumping Hits on a "honey domain admin" account Users with non-expiring passwords Hits on the SSH/FTP/HTTP honeypot
17 Nov 202139min
7MS #494: Interview with Josh Burnham of Liquid Web
10 Nov 202145min
7MS #493: 7MOIST - Part 2
Hey, remember back in episode #357 where we introduced 7MOIST (7 Minutes of IT and Security Tips)? Yeah, me neither :-). Anyway, we're back with the second edition of 7MOIST and have some cool pentesting and general IT tips that will hopefully make your life a little awesome-r: Stuck on a pentest because EDR keeps gobbling your payloads? SharpCradle might just save the day! CrackMapExec continues to learn new awesome tricks - including a module called slinky that plants hash-grabbing files on shares you have write access to! Browsing 17 folders deep in Windows Explorer and wish you could just pop a cmd.exe from right there? You can! Just click into the path where you're browsing, type cmd.exe, hit Enter and BOOM! Welcome to a prompt right at that folder!
4 Nov 20217min
7MS #492: Tales of Pentest Pwnage - Part 29
Hello friends! We're long overdue for a tale of pentest pwnage, and this one is a humdinger! It's actually kind of three tales in one, focusing on pentesting wins using: Manual "open heart surgery" on the root of the Active Directory domain The new totally rad DHCP poisoning module of Responder An opportunity to abuse GPOs with SharpGPOAbuse (P.S. we talked about this tool about a year ago in episode 441)
28 Okt 202156min
7MS #491: Interview with Louis Evans of Arctic Wolf
Today we're joined by Louis Evans of Arctic Wolf to talk about all things cyber insurance, including: History on cyber insurance - who's buying it, what it does and doesn't cover, and when it started to be something you didn't want to leave home without What are insurance companies asking/demanding of customers before writing a cyber insurance policy? What basic things organizations can do to reduce malware/ransomware incidents (whether they are considering a cyber insurance policy or not)? How do I evaluate the various insurance carriers out there and pick a good one?
20 Okt 202152min
7MS #490: Desperately Seeking a Super SIEM for SMBs - Part 4
Hey friends! Today we're going to recap the SIEM/SOC players we've evaluated so far (Arctic Wolf, Elastic, Sumo Logic, Milton Security) and then talk about a new contender that was brought to our attention: Blumira (not a sponsor, but I'm really digging what I'm seeing/hearing/experiencing thus far)!
13 Okt 202142min
7MS #489: Ping Castle
Today we're talking about Ping Castle (not a sponsor), an awesome tool for enumerating tons of info out of your Active Directory environment and identifying weaknesses, misconfigurations and paths to escalation! It's wonderful for both red and blue teamers. Some of Ping Castle's cool features include being able find: Kerberoastable and ASREPRoastable users Plain text passwords lingering in Group Policy Objects Users with never-expiring passwords Non-supported versions of Windows Machines configured with unconstrained delegation Attack and escalation paths to Domain Admins
6 Okt 202158min
