7MS #558: How to Build a Vulnerable Pentest Lab - Part 2
7 Minute Security7 Feb 2023

7MS #558: How to Build a Vulnerable Pentest Lab - Part 2

Today we continue part 2 of a series we started a few weeks ago all about building a vulnerable pentesting lab. Check out the video above, and here are the main snippets of code and tips to get you going:

  • Use Youzer to import a bunch of bogus users into your Active Directory:
sudo python ./youzer.py --generate --generate_length 20 --ou "ou=Contractors,dc=brifly,dc=us" --domain brifly.us --users 1000 --output lusers.csv
  • Make a Kerberoastable user:
New-AdUser -Name "Kerba Roastable" -GivenName "Kerba" -Surname "Roastable" -SamAccountName Kerba -Description "ROASTED!" -Path "OU=Contractors,DC=brifly,DC=us" -AccountPassword (ConvertTo-SecureString "Password1" -AsPlainText -force) -passThru -PasswordNeverExpires $true enable-adaccount Kerba setspn -a IIS_SITE/brifly-dc01.brily.us:77777 briflyus\kerba

Avsnitt(704)

7MS #255: PwnPro 101

7MS #255: PwnPro 101

I'm kicking the tires on the PwnPro which is an all-in-one wired, wireless and Bluetooth assessment and pentesting tool. Upon getting plugged into a network, it peers with a cloud portal and lets you assess and pentest from the comfort of your jammies back at your house! Oh, and did I mention it runs Kali on the back end? Delicious. Today's episode dives into some of what I've been learning about the PwnPro as I run it through its paces at work and warm it up for our first customer assessment...

27 Apr 201710min

7MS #254: Bash Bunny

7MS #254: Bash Bunny

I've been working with the Bash Bunny for the past few weeks in preparation for a presentation/demo I'm doing in a few weeks. Today I want to talk about what the Bunny is, the cool things it can do, and some of my favorite payloads. Also, I started thinking about what conversation topics spawn from a demo of the Bunny. Specifically, I want to know how people would defend against the Bunny using AD policies, peripheral controls, etc. Check out the Hak5 thread I started about this, as it has got some great ideas.

20 Apr 201710min

7MS #253: Desperately Seeking Service Accounts

7MS #253: Desperately Seeking Service Accounts

Find the show notes here!

13 Apr 20179min

7MS #252: LAPS - Local Administrator Password Solution

7MS #252: LAPS - Local Administrator Password Solution

Show notes are here.

6 Apr 20178min

7MS #251: Blackholing Malvertising with Pi-Hole

7MS #251: Blackholing Malvertising with Pi-Hole

Show notes are here

30 Mars 201710min

7MS #250: The PBS Telethon Episode!

7MS #250: The PBS Telethon Episode!

Show notes for today's episode can be found here!

23 Mars 201710min

7MS #249: AlienVault Certified Security Engineer - Part 1

7MS #249: AlienVault Certified Security Engineer - Part 1

Show notes are here.

16 Mars 20179min

7MS #248: How to Hack the 10 O'clock News

7MS #248: How to Hack the 10 O'clock News

Show notes are here.

9 Mars 201711min

Populärt inom Politik & nyheter

aftonbladet-krim
motiv
svenska-fall
p3-krim
fordomspodden
rss-krimstad
flashback-forever
rss-viva-fotboll
blenda-2
aftonbladet-daily
rss-sanning-konsekvens
rss-vad-fan-hande
rss-frandfors-horna
rss-krimreportrarna
grans
dagens-eko
olyckan-inifran
rss-flodet
svd-nyhetsartiklar
rss-expressen-dok