7MS #533: Tales of Pentest Pwnage - Part 40

Ok, ok, I know. I almost always say something like "Today is my favorite tale of pentest pwnage." And guess what? Today is my favorite tale of pentest pwnage, and I don't even know how it's going to end yet, so stay tuned to next week's (hopefully) exciting conclusion. For today, though, I've got some pentest tips to hopefully help you in your journeys of pwnage:

  • PowerHuntShares is awesome at finding SMB shares and where you have read/write permissions on them. Note there is a -Threads flag to adjust the intensity of your scan.
  • Are your mitm6 attacks not working properly - even though they look like they should? There might be some LDAP/LDAPS protections in play. Use LdapRelayScan to verify!
  • Are you trying to abuse Active Directory Certificate Services attack ESC1 but things just don't seem to be working? Make sure the cert you are forging is properly representing the user you are trying to spoof by using Get-LdapCurrentUser.ps1. Also look at PassTheCert as another tool to abuse ADCS vulnerabilities.

Example syntax for Get-LdapCurrentUser:

Get-LdapCurrentUser -certificate my.pfx -server my.domain.controller:636 -usessl -CertificatePassword admin

  • If you manage to get your hands on an old Active Directory backup, this PowerShell snippet will help you get a list of users from the current domain, sorted by passwordlastset. That way you can quickly find users who haven't changed their password since the AD backup:

get-aduser -filter * -server victimdomain.local -properties pwdlastset,passwordlastset,enabled | where { $_.Enabled -eq $True} | select-object samaccountname,passwordlastset | sort-object passwordlastset
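
From the defender's side, the same comparison shows which enabled accounts still carry a password that was already in place when a backup was taken, and so need a reset if that backup leaves your control. This is an added example, not code from the episode; the function name, its parameters and the sample records are assumptions made for illustration.

```powershell
# Added example (not from the episode). Get-PreBackupPasswordAccount and its
# parameters are hypothetical names chosen for this illustration.
function Get-PreBackupPasswordAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        [Parameter(Mandatory)]
        [datetime]$BackupDate      # date the AD backup was taken
    )
    process {
        if (-not $User.Enabled) { return }     # skip disabled accounts
        $set = $User.PasswordLastSet
        # Changed on or after the backup date: the backup holds an older password.
        if ($null -ne $set -and $set -ge $BackupDate) { return }
        [pscustomobject]@{
            SamAccountName   = $User.SamAccountName
            PasswordLastSet  = $set
            DaysBeforeBackup = if ($null -eq $set) { $null }
                               else { [math]::Floor(($BackupDate - $set).TotalDays) }
            # Get-ADUser reports $null when pwdLastSet is 0 (change pending at
            # next logon); the stored password may still be the old one.
            Reason           = if ($null -eq $set) { 'pwdLastSet is 0, review manually' }
                               else { 'unchanged since backup' }
        }
    }
}

# Constructed sample records shaped like Get-ADUser output (not real accounts).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice';   Enabled = $true;  PasswordLastSet = [datetime]'2021-03-02' }
    [pscustomobject]@{ SamAccountName = 'bob';     Enabled = $true;  PasswordLastSet = [datetime]'2022-06-15' }
    [pscustomobject]@{ SamAccountName = 'svc-old'; Enabled = $true;  PasswordLastSet = [datetime]'2016-11-20' }
    [pscustomobject]@{ SamAccountName = 'carol';   Enabled = $false; PasswordLastSet = [datetime]'2015-01-01' }
    [pscustomobject]@{ SamAccountName = 'dave';    Enabled = $true;  PasswordLastSet = $null }
)

# Assumed backup date for the sample run.
$sample |
    Get-PreBackupPasswordAccount -BackupDate '2021-09-01' |
    Sort-Object PasswordLastSet |
    Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Server victimdomain.local -Properties PasswordLastSet,Enabled |
#     Get-PreBackupPasswordAccount -BackupDate '2021-09-01'
```

Accounts that come back from this filter are the ones to prioritize for a forced password reset; service accounts tend to surface first because their passwords are rarely rotated.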
